Tuesday, July 11, 2017

Multiple Buffer Overflow Vulnerabilities in IBM Database software (DB2 and Informix)

Hi Dear Reader,

During the last couple of weeks we have published security vulnerabilities in the database tools for DB2 and Informix.
We're sure that you (as a responsible database admin) don't usually run arbitrary "attacker supplied" .SQL files on your database.
But given the security audit results for the Informix and DB2 database tools, we're sure you will want to take extra care with that, since we've discovered that poisonous .SQL files can overflow the database tools' memory buffers and execute arbitrary code on your system.

Links to our advisories follow:

Informix Security Advisory:
http://www.defensecode.com/advisories/DC-2017-04-001_IBM_Informix_DB-Access_Buffer_Overflow.pdf

DB2 Security Advisory:
http://www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf

Kind Regards,
DefenseCode Team
