IBM DB2 Universal Database up to 9.0 sqlrlaka memory corruption

A vulnerability classified as critical was found in IBM DB2 Universal Database up to 9.0 (Database Software). It affects the function sqlrlaka. Upgrading to version 9.1 eliminates this vulnerability. Furthermore, it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8789.

| Field | 03/17/2015 04:11 PM | 08/17/2019 06:40 PM |
|---|---|---|
| type | Database Software | Database Software |
| vendor | IBM | IBM |
| name | DB2 Universal Database | DB2 Universal Database |
| version | <=9.0 | <=9.0 |
| function | sqlrlaka | sqlrlaka |
| cwe | 119 (memory corruption) | 119 (memory corruption) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 7.8 | 7.8 |
| cvss2_vuldb_tempscore | 6.1 | 6.1 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | C | C |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | N | N |
| cvss2_nvd_ii | N | N |
| cvss2_nvd_ai | C | C |
| cvss3_meta_basescore | 9.8 | 9.8 |
| cvss3_meta_tempscore | 8.8 | 8.8 |
| cvss3_vuldb_basescore | 9.8 | 9.8 |
| cvss3_vuldb_tempscore | 8.8 | 8.8 |
| date | 1219881600 (08/28/2008) | 1219881600 (08/28/2008) |
| url | http://xforce.iss.net/xforce/xfdb/42935 | http://xforce.iss.net/xforce/xfdb/42935 |
| person_name | Martin Rakhmanov | Martin Rakhmanov |
| company_name | Application Security Inc. | Application Security Inc. |
| price_0day | $25k-$100k | $25k-$100k |
| name | Upgrade | Upgrade |
| upgrade_version | 9.1 | 9.1 |
| cve | CVE-2008-3854 | CVE-2008-3854 |
| cve_nvd_published | 1219881600 | 1219881600 |
| cve_nvd_summary | Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function. | Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function. |
| securityfocus | 29601 | 29601 |
| securityfocus_date | 1212364800 (06/02/2008) | 1212364800 (06/02/2008) |
| securityfocus_class | Unknown | Unknown |
| securityfocus_title | IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple Vulnerabilities | IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple Vulnerabilities |
| vulnerabilitycenter | 19629 | 19629 |
| vulnerabilitycenter_title | IBM DB2 < FixPak 5 Multiple Stack-Based Buffer Overflows Allow Remote DoS Attacks | IBM DB2 < FixPak 5 Multiple Stack-Based Buffer Overflows Allow Remote DoS Attacks |
| vulnerabilitycenter_severity | Medium | Medium |
| vulnerabilitycenter_creationdate | 1222905600 | 1222905600 |
| vulnerabilitycenter_lastupdate | 1460937600 | 1460937600 |
| vulnerabilitycenter_reportingdate | 1212364800 | 1212364800 |
| xforce | 42935 | 42935 |
| nessus_id | 33763 | 33763 |
| nessus_name | IBM DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities | IBM DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities |
| nessus_filename | db2_95fp1.nasl | db2_95fp1.nasl |
| nessus_risk | Critical | Critical |
| nessus_family | Databases | Databases |
| nessus_type | remote | remote |
| nessus_date | 1217376000 (07/30/2008) | 1217376000 (07/30/2008) |
| issproventia | 2101185 | 2101185 |
| tippingpoint_id | 8789 | 8789 |
| mcafee_ips_id | DB2: IBM DB2 Universal Database XML Query Buffer Overflow | DB2: IBM DB2 Universal Database XML Query Buffer Overflow |
| mcafee_ips_version | 8.1.45.5 | 8.1.45.5 |
| paloalto_ips_id | 31842 | 31842 |
| fortigate_ips_id | 15850 | 15850 |
| seealso | 3463 3464 3462 38411 39777 39776 39775 39774 39773 39772 39771 42175 42174 42139 43837 43836 43835 43834 43832 43831 | 3463 3464 3462 38411 39777 39776 39775 39774 39773 39772 39771 42175 42174 42139 43837 43836 43835 43834 43832 43831 |
| location | Website | Website |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |

| Field | Value |
|---|---|
| cvss3_vuldb_av | N |
| cvss3_vuldb_ac | L |
| cvss3_vuldb_pr | N |
| cvss3_vuldb_ui | N |
| cvss3_vuldb_s | U |
| cvss3_vuldb_c | H |
| cvss3_vuldb_i | H |
| cvss3_vuldb_a | H |
| confirm_url | http://www-1.ibm.com/support/docview.wss?uid=swg21255607 |
| cve_assigned | 1219881600 |
| osvdb | 46264 |
| osvdb_title | IBM DB2 Universal Database XMLQUERY Statement Overflow |
| secunia | 30558 |
| vupen | ADV-2008-1769 |
