Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability announce CVE-2010-0462 CVE-2010-1560

IBM DB2: heap overflow via REPEAT

Synthesis of the vulnerability

An authenticated attacker can use the REPEAT() function, in order to generate an overflow, leading to a denial of service or to code execution with database privileges.
Severity: 2/4.
Creation date: 28/01/2010.

Description of the vulnerability

The SQL REPEAT() function generates a character string, which is built by repeating a pattern. For example, to obtain "HelloHello" :
  SELECT REPEAT( 'Hello', 2 )

IBM DB2 checks that the size of the string is not too long. However, by using a sub-call, the size can become over 2^32, and forces the allocation of a short memory area, and then a heap overflow.

An authenticated attacker can therefore use the REPEAT() function, in order to generate an overflow, leading to a denial of service or to code execution with database privileges.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: IBM DB2: heap overflow via REPEAT.
Keywords: DB2 Hello HelloHello REPEAT SELECT SQL heap overflow.
Identifiers: 1426108, BID-37976, CVE-2010-0462, CVE-2010-1560, swg21426108, VIGILANCE-VUL-9387.
Pointed by: VIGILANCE-VUL-9610.

Information sources

Publications and announces
Source example: IBM DB2 9.7 heap overflow

Solutions for this vulnerability

Patch or workaround

Supplements

Attack

Exploit 0day or proof of concept

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française