Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-0711

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.

Published

2012-03-20T20:55:01.320

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.1	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.5	Yes
Application	ibm	db2	9.7	Yes
Application	ibm	db2	9.7	Yes
Application	ibm	db2	9.7	Yes
Application	ibm	db2	9.7	Yes
Application	ibm	db2	9.7	Yes
Application	ibm	db2	9.7	Yes
Application	ibm	db2	9.7	Yes
Operating System	ibm	aix	*	No
Operating System	linux	linux_kernel	*	No
Operating System	sun	sunos	*	No

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21588093 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/77826 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/73495 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21588093 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/77826 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73495 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842 (af854a3a-2127-422b-91ae-364da2661108)