IBM Security Bulletin: IBM® DB2® LUW’s Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297).

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) Command Line Process (CLP) is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code.

CVE(s): CVE-2017-1297

Affected product(s) and affected version(s):

All fix pack levels and editions of IBM DB2 V9.7, V10.1, V10.5 and V11.1 on all platforms are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2t0XuAg
X-Force Database: http://ift.tt/2t2sv7g

The post IBM Security Bulletin: IBM® DB2® LUW’s Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297). appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2tBLJ0y