Vulnerability Description
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | <= 9.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/40973
- http://osvdb.org/40975
- http://secunia.com/advisories/25148PatchVendor Advisory
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY97750&apar=only
- http://www.securityfocus.com/archive/1/482024/100/0/threaded
- http://www.securityfocus.com/bid/23890
- http://www.securityfocus.com/bid/26010
- http://www.securitytracker.com/id?1018029
- http://www.securitytracker.com/id?1018801
- http://www.vupen.com/english/advisories/2007/1707Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-07-056.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34184
- http://osvdb.org/40973
- http://osvdb.org/40975
- http://secunia.com/advisories/25148PatchVendor Advisory
FAQ
What is CVE-2007-2582?
CVE-2007-2582 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on t...
How severe is CVE-2007-2582?
CVE-2007-2582 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2582?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.