Vigil@nce - IBM DB2: heap overflow via REPEAT - vulnerability announce CVE-2010-0462


we track for your security since 1999

resources

Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability announce CVE-2010-0462 IBM DB2: heap overflow via REPEAT
Synthesis of the vulnerability

An authenticated attacker can use the REPEAT() function, in order to generate an overflow, leading to a denial of service or to code execution with database privileges.

Severity: 2/4.
Consequences: privileged access/rights, denial of service of service.
Provenance: user account.
Means of attack: 1 attack.
Ability of attacker: technician (2/4).
Confidence: unique source (2/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 28/01/2010.

Impacted products

IBM DB2 UDB versions

Description of the vulnerability

The SQL REPEAT() function generates a character string, which is built by repeating a pattern. For example, to obtain "HelloHello" :
SELECT REPEAT( 'Hello', 2 )

IBM DB2 checks that the size of the string is not too long. However, by using a sub-call, the size can become over 2^32, and forces the allocation of a short memory area, and then a heap overflow.

An authenticated attacker can therefore use the REPEAT() function, in order to generate an overflow, leading to a denial of service or to code execution with database privileges.

Characteristics

Title: IBM DB2: heap overflow via REPEAT
Identifiers: BID-37976, CVE-2010-0462, VIGILANCE-VUL-9387.
Url: https://vigilance.fr/tree/1/9387

Information sources

Publications and announces
Source example: IBM DB2 9.7 heap overflow

Supplements

Attack

Exploit 0day or proof of concept