Multiple IBM DB2 Products CVE-2014-3094 Stack Based Buffer Overflow Vulnerability
BID:69550
| Bugtraq ID: | 69550 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2014-3094 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 29 2014 12:00AM |
| Updated: | Sep 22 2014 06:08PM |
| Credit: | IBM |
| Vulnerable: |
IBM Smart Analytics System 7700 0
IBM Smart Analytics System 7600 0
IBM Smart Analytics System 5710 0
IBM Smart Analytics System 5600 0
IBM Smart Analytics System 2050 0
IBM Smart Analytics System 1050 0
IBM PureData System for Operational Analytics A1791 0
IBM InfoSphere Balanced Warehouse D5100
IBM InfoSphere Balanced Warehouse C4000
IBM InfoSphere Balanced Warehouse C3000
IBM DB2 Workgroup Server Edition 9.8
IBM DB2 Workgroup Server Edition 9.7
IBM DB2 Workgroup Server Edition 10.5
IBM DB2 Workgroup Server Edition 10.1
IBM Db2 Purescale Feature 9.8
IBM DB2 Express Edition 9.8
IBM DB2 Express Edition 9.7
IBM DB2 Express Edition 10.5
IBM DB2 Express Edition 10.1
IBM DB2 Enterprise Server Edition 9.8
IBM DB2 Enterprise Server Edition 9.7
IBM DB2 Enterprise Server Edition 10.5
IBM DB2 Enterprise Server Edition 10.1
IBM DB2 Connect Unlimited Edition for System z 9.8
IBM DB2 Connect Unlimited Edition for System z 9.7
IBM DB2 Connect Unlimited Edition for System z 10.5
IBM DB2 Connect Unlimited Edition for System z 10.1
IBM DB2 Connect Unlimited Edition for System i 9.8
IBM DB2 Connect Unlimited Edition for System i 9.7
IBM DB2 Connect Unlimited Edition for System i 10.5
IBM DB2 Connect Unlimited Edition for System i 10.1
IBM DB2 Connect Enterprise Edition 9.8
IBM DB2 Connect Enterprise Edition 9.7
IBM DB2 Connect Enterprise Edition 10.5
IBM DB2 Connect Enterprise Edition 10.1
IBM DB2 Connect Application Server Edition 9.8
IBM DB2 Connect Application Server Edition 9.7
IBM DB2 Connect Application Server Edition 10.5
IBM DB2 Connect Application Server Edition 10.1
IBM DB2 Advanced Workgroup Server Edition 9.8
IBM DB2 Advanced Workgroup Server Edition 9.7
IBM DB2 Advanced Workgroup Server Edition 10.5
IBM DB2 Advanced Workgroup Server Edition 10.1
IBM DB2 Advanced Enterprise Server Edition 9.8
IBM DB2 Advanced Enterprise Server Edition 9.7
IBM DB2 Advanced Enterprise Server Edition 10.5
IBM DB2 Advanced Enterprise Server Edition 10.1 |
| Not Vulnerable: | |
Discussion
Multiple IBM DB2 Products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successful exploits may allow an attacker to execute arbitrary code with DB2 instance owner privileges. Failed attempts will likely cause a denial-of-service condition.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: