Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496 | vendor advisory |
| http://www.securityfocus.com/bid/28835 | vdb entry |
| http://www-1.ibm.com/support/docview.wss?uid=swg21255607 | |
| http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512 | vendor advisory |
| http://osvdb.org/46269 | vdb entry |
| http://www.securityfocus.com/bid/29601 | vdb entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41955 | vdb entry |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945 | vendor advisory |
| http://osvdb.org/46268 | vdb entry |
| http://secunia.com/advisories/29022 | third party advisory vendor advisory |
| http://www.securityfocus.com/archive/1/491071/100/0/threaded | mailing list |