Vulnerability Description
Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.5 |
Related Weaknesses (CWE)
References
- ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARL
- http://secunia.com/advisories/41686Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539
- http://www-01.ibm.com/support/docview.wss?uid=swg21426108
- http://www.securityfocus.com/bid/46077
- http://www.vupen.com/english/advisories/2010/2544Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-11-035
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARL
- http://secunia.com/advisories/41686Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539
FAQ
What is CVE-2010-3731?
CVE-2010-3731 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, ...
How severe is CVE-2010-3731?
CVE-2010-3731 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3731?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.