Multiple Buffer Overflow Vulnerabilities in IBM Database Software (DB2 and Informix)
Over the last couple of weeks we have published advisories on security vulnerabilities in database tools related to DB2 and Informix databases.
We’re sure that you, as a responsible database admin, don’t usually run arbitrary “attacker-supplied” .SQL files on your database. After the results of our security audit of the Informix and DB2 database tools, we’re sure you will want to take extra care on that point: we’ve discovered that poisonous .SQL files can overflow memory buffers in the database tools and execute arbitrary code on your system.
Links to our advisories are listed below:
Informix Security Advisory:
http://www.defensecode.com/advisories/DC-2017-04-001_IBM_Informix_DB-Access_Buffer_Overflow.pdf
DB2 Security Advisory:
http://www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf
Kind Regards,
DefenseCode Team