返回 CVE 浏览器

CVE-2010-3731

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0960%

EPSS Percentile3.67th

Published2010年10月5日

Last Modified2026年4月29日

Vulnerability Description

Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.

Affected Platforms (CPE)

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

📦

Ibm

Db2

= 9.5

References & Advisories

🔗 ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

🔗 http://secunia.com/advisories/41686

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21426108

🔗 http://www.securityfocus.com/bid/46077

🔗 http://www.vupen.com/english/advisories/2010/2544

相关漏洞威胁

CVE-2007-258210.0

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) ...

CVE-2005-486510.0

Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

CVE-2005-041710.0

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to t...

CVE-2007-605110.0

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has un...