CVE-2008-1966
Published: Apr 27, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| IZ15496 | vendor-advisory, x_refsource_AIXAPAR |
| 28835 | vdb-entry, x_refsource_BID |
| http://www-1.ibm.com/support/docview.wss?uid=swg21255607 | x_refsource_CONFIRM |
| http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml | x_refsource_MISC |
| IZ08512 | vendor-advisory, x_refsource_AIXAPAR |
| 46269 | vdb-entry, x_refsource_OSVDB |
| 29601 | vdb-entry, x_refsource_BID |
| ibm-db2-recoverjar-removejar-dos(41955) | vdb-entry, x_refsource_XF |
| IZ08945 | vendor-advisory, x_refsource_AIXAPAR |
| 46268 | vdb-entry, x_refsource_OSVDB |
| 29022 | third-party-advisory, x_refsource_SECUNIA |
| 20080418 Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures | mailing-list, x_refsource_BUGTRAQ |