CVE-2008-1966

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 8.0 through 8.0 FP15 IBM DB2 versions 9.1 through 9.1 FP3 IBM DB2 versions 9.5 through 9.5 FP0

Description The issue is related to multiple buffer overflows in the JAR file administration routines within the BSU JAVA subcomponent. This can be exploited by remote authenticated users to cause a denial of service, specifically an instance crash, by calling certain procedures with crafted parameters. The affected procedures include RECOVERJAR and REMOVE JAR, and are related to sqlj.install jar and sqlj.replace jar.

Recommendations For IBM DB2 version 8, update to FP16 or later. For IBM DB2 version 9.1, update to FP4a or later. For IBM DB2 version 9.5, update to FP1 or later.