IBM Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service.

CVE(s): CVE-2017-1105

Affected product(s) and affected version(s):

All fix pack levels of IBM DB2 V9.7, V10.1, V10.5 and V11.1 editions listed below and running on AIX, Linux, Solaris and HP are affected. DB2 on Windows is not affected.
IBM® DB2® Express Edition
IBM® DB2® Workgroup Server Edition
IBM® DB2® Enterprise Server Edition
IBM® DB2® Advanced Enterprise Server Edition
IBM® DB2® Advanced Workgroup Server Edition
IBM® DB2® Connect™ Application Server Edition
IBM® DB2® Connect™ Enterprise Edition
IBM® DB2® Connect™ Unlimited Edition for System i®
IBM® DB2® Connect™ Unlimited Edition for System z®

The IBM data server client and driver types are affected as well and they are as follows:

IBM Data Server Driver Package
IBM Data Server Driver for ODBC and CLI
IBM Data Server Runtime Client
IBM Data Server Client

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2t1A2CV
X-Force Database: http://ift.tt/2t2xTY3

The post IBM Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2tBLH8I