CVE-2012-0711

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729
http://www-01.ibm.com/support/docview.wss?uid=swg21588093	Vendor Advisory
http://www.securityfocus.com/bid/77826
https://exchange.xforce.ibmcloud.com/vulnerabilities/73495
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729
http://www-01.ibm.com/support/docview.wss?uid=swg21588093	Vendor Advisory
http://www.securityfocus.com/bid/77826
https://exchange.xforce.ibmcloud.com/vulnerabilities/73495
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:db2:9.1:::::::*
	cpe:2.3:a:ibm:db2:9.1:fp1::::::
	cpe:2.3:a:ibm:db2:9.1:fp10::::::
	cpe:2.3:a:ibm:db2:9.1:fp11::::::
	cpe:2.3:a:ibm:db2:9.1:fp2::::::
	cpe:2.3:a:ibm:db2:9.1:fp2a::::::
	cpe:2.3:a:ibm:db2:9.1:fp3::::::
	cpe:2.3:a:ibm:db2:9.1:fp3a::::::
	cpe:2.3:a:ibm:db2:9.1:fp4::::::
	cpe:2.3:a:ibm:db2:9.1:fp4a::::::
	cpe:2.3:a:ibm:db2:9.1:fp5::::::
	cpe:2.3:a:ibm:db2:9.1:fp6::::::
	cpe:2.3:a:ibm:db2:9.1:fp6a::::::
	cpe:2.3:a:ibm:db2:9.1:fp7::::::
	cpe:2.3:a:ibm:db2:9.1:fp7a::::::
	cpe:2.3:a:ibm:db2:9.1:fp8::::::
	cpe:2.3:a:ibm:db2:9.1:fp9::::::
	cpe:2.3:a:ibm:db2:9.5:::::::*
	cpe:2.3:a:ibm:db2:9.5:fp1::::::
	cpe:2.3:a:ibm:db2:9.5:fp2::::::
	cpe:2.3:a:ibm:db2:9.5:fp2a::::::
	cpe:2.3:a:ibm:db2:9.5:fp3::::::
	cpe:2.3:a:ibm:db2:9.5:fp3a::::::
	cpe:2.3:a:ibm:db2:9.5:fp3b::::::
	cpe:2.3:a:ibm:db2:9.5:fp4::::::
	cpe:2.3:a:ibm:db2:9.5:fp4a::::::
	cpe:2.3:a:ibm:db2:9.5:fp5::::::
	cpe:2.3:a:ibm:db2:9.5:fp6::::::
	cpe:2.3:a:ibm:db2:9.5:fp6a::::::
	cpe:2.3:a:ibm:db2:9.5:fp7::::::
	cpe:2.3:a:ibm:db2:9.5:fp8::::::
	cpe:2.3:a:ibm:db2:9.7:::::::*
	cpe:2.3:a:ibm:db2:9.7:fp1::::::
	cpe:2.3:a:ibm:db2:9.7:fp2::::::
	cpe:2.3:a:ibm:db2:9.7:fp3::::::
	cpe:2.3:a:ibm:db2:9.7:fp3a::::::
	cpe:2.3:a:ibm:db2:9.7:fp4::::::
	cpe:2.3:a:ibm:db2:9.7:fp5::::::

OR	cpe:2.3:o:ibm:aix::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:sun:sunos::::::::

History

21 Nov 2024, 01:35

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21588093 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21588093 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/77826 -~~	() http://www.securityfocus.com/bid/77826 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/73495 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/73495 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842 -

Information

Published : 2012-03-20 20:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0711

Mitre link : CVE-2012-0711

CVE.ORG link : CVE-2012-0711

JSON object : View

Products Affected

ibm

sun

sunos

linux

linux_kernel

CWE

CWE-189

Numeric Errors

{"id": "CVE-2012-0711", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-03-20T20:55:01.320", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588093", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/77826", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73495", "source": "psirt@us.ibm.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21588093", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/77826", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73495", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Un error de entero sin signo en el proceso db2dasrrm del servidor de administraci\u00f3n de DB2 (DAS) en IBM DB2 v9.1 hasta FP11, v9.5 antes de vFP9, y v9.7 hasta FP5 para UNIX permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una solicitud modificada a mano que ocasiona un desbordamiento del b\u00fafer basado en memoria din\u00e1mica."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59E6D578-4727-4AA3-9313-97D9775AC41E"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC28AABC-88E8-480B-9A3B-D58B7B7EFC17"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B31F9D02-25FD-4ED1-9D1C-B244BC9426B6"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA8ABABB-F84D-41F0-A894-56911AF6E7E7"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C31FDCBF-B3EC-4B01-8D10-D05108FD51E3"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DF94D3C-3C23-4F22-B9B6-658C23E7BAF2"}, {"criteria": "cpe:2.3:a:ibm:db2:9.1:fp9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C26F7EA-4A39-4244-87C9-397AE1C4B34C"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB2EA14A-878A-4D8D-B17A-568712D21C48"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "651D042C-A9F1-42D1-A6DD-95ADBCD08448"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A589323-B8B8-4CB4-B1A9-B9E771C99123"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61252AF9-A231-442A-A473-BA0608323BF2"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB37A1AA-58F0-4A39-8E38-C70692CE67BF"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D9D5B5B-8E23-4987-9BBE-8FE1F27CB1B5"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3E12C63-19FF-4BB9-9389-BF5E6B493F42"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10456C00-127D-46FE-82A4-D567AB19F87A"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E476599E-7087-4442-AED5-61DC1CA1F374"}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F5745A-219B-48F6-95E9-85B4E516FA94"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00A16349-5CF1-4E75-A6EE-218E85049F62"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5335C017-52D9-45D4-BCEB-CBB51B7C88AE"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "786B3F51-46A3-4A4C-A549-B80BA27EE3B9"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB349DC8-2EC6-4A11-9BCD-9C49D36BA49D"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC8D88E5-7942-4F21-B0BA-7D23F4537117"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7A42A22-D615-4D60-8FC4-61CDF727FD54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}, {"criteria": "cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11AEFEC9-5DB4-44CB-977D-6561DC1680C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}

7.5 /10