CVE-2005-4870

Name of the Vulnerable Software and Affected Versions: IBM DB2 version 8.1

Description: The issue is related to stack-based buffer overflows in specific function calls, allowing remote attackers to execute arbitrary code. The vulnerable function calls are xmlvarcharfromfile, xmlclobfromfile, xmlfilefromvarchar, and xmlfilefromclob. The overflow occurs when a 94-byte second argument is passed, causing the return address to be overwritten with a pointer to the argument.

Recommendations: For IBM DB2 version 8.1, consider disabling the vulnerable function calls (xmlvarcharfromfile, xmlclobfromfile, xmlfilefromvarchar, and xmlfilefromclob) until a patch is available to prevent potential exploitation. Restrict access to these functions to minimize the risk of arbitrary code execution.