1. CVE-Search
  2. CVE-2012-0711
ID CVE-2012-0711
Summary Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp10:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp10:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp11:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp11:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.1:fp9:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.1:fp9:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-10-2018 - 10:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2012-05-07T04:00:34.220-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment IBM DB2 UDB is installed
oval oval:org.mitre.oval:def:12505
description Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
family windows
id oval:org.mitre.oval:def:14842
status deprecated
submitted 2012-03-26T11:21:43.000-05:00
title DEPRECATED: Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
version 5
refmap via4
aixapar
  • IC80561
  • IC80728
  • IC80729
bid 77826
confirm http://www-01.ibm.com/support/docview.wss?uid=swg21588093
xf db2-db2dasrrm-bo(73495)
Last major update 10-10-2018 - 10:29
Published 20-03-2012 - 20:55
Last modified 10-10-2018 - 10:29
Back to Top