PT-2007-3901 · IBM · IBM DB2

Published: 2007-05-09 · Updated: 2018-10-16 · CVE-2007-2582

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: IBM DB2 versions 9.x and earlier

Description: The issue concerns multiple buffer overflows in the DB2 JDBC Applet Server service. Remote attackers can execute arbitrary code by sending a crafted packet to the DB2JDS service on tcp/6789. Additionally, attackers can cause a denial of service through an invalid LANG parameter or by sending a long packet that results in a "MemTree overflow."

Recommendations: For IBM DB2 versions 9.x and earlier, consider disabling the DB2JDS service on tcp/6789 until a patch is available. Restrict access to the DB2JDS service to minimize the risk of exploitation. Avoid using invalid LANG parameters in the DB2JDS service to prevent denial of service attacks. As a temporary workaround, limit the packet length to prevent "MemTree overflow" errors. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-2582

Affected Products

Ibm Db2