| Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability announce CVE-2010-0462
IBM DB2: heap overflow via REPEAT
Synthesis of the vulnerability
| An authenticated attacker can use the REPEAT() function, in order to generate an overflow, leading to a denial of service or to code execution with database privileges. |
Severity: 2/4.
Consequences: privileged access/rights, denial of service of service.
Provenance: user account.
Means of attack: 1 attack.
Ability of attacker: technician (2/4).
Confidence: unique source (2/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 28/01/2010.
|
Impacted products
Description of the vulnerability
The SQL REPEAT() function generates a character string, which is built by repeating a pattern. For example, to obtain "HelloHello" :
SELECT REPEAT( 'Hello', 2 )
IBM DB2 checks that the size of the string is not too long. However, by using a sub-call, the size can become over 2^32, and forces the allocation of a short memory area, and then a heap overflow.
An authenticated attacker can therefore use the REPEAT() function, in order to generate an overflow, leading to a denial of service or to code execution with database privileges. |
Characteristics
Information sources
Supplements
|