CyberSec.Space Logo
Back to CVE Browser

CVE-2010-3731

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile3.67th
PublishedOct 5, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.

Affected Platforms (CPE)

πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5
πŸ“¦
Ibm

Db2

= 9.5

References & Advisories

πŸ”— ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
πŸ”— http://secunia.com/advisories/41686
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21426108
πŸ”— http://www.securityfocus.com/bid/46077
πŸ”— http://www.vupen.com/english/advisories/2010/2544

Related Vulnerabilities

CVE-2007-258210.0

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) ...

CVE-2005-486510.0

Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

CVE-2005-041710.0

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to t...

CVE-2007-605110.0

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has un...