CVE-2009-4325

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://www-01.ibm.com/support/docview.wss?uid=swg21293566	Patch Vendor Advisory
http://www.securityfocus.com/bid/37332
http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
http://www.vupen.com/english/advisories/2009/3520	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT	Patch
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500	Exploit Vendor Advisory
http://secunia.com/advisories/37759	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2:8.2:fp1::::::
	cpe:2.3:a:ibm:db2:8.2:fp3::::::
	cpe:2.3:a:ibm:db2:9.1:fp1::::::
	cpe:2.3:a:ibm:db2:9.1:fp3a::::::
	cpe:2.3:a:ibm:db2:9.1:fp4::::::
	cpe:2.3:a:ibm:db2:9.1:fp4a::::::
	cpe:2.3:a:ibm:db2:9.1:fp5::::::
	cpe:2.3:a:ibm:db2:8.2:fp10::::::
	cpe:2.3:a:ibm:db2:8.2:fp11::::::
	cpe:2.3:a:ibm:db2:8.2:fp12::::::
	cpe:2.3:a:ibm:db2:8.2:fp13::::::
	cpe:2.3:a:ibm:db2:8.2:fp7::::::
	cpe:2.3:a:ibm:db2:9.5:::::::*
	cpe:2.3:a:ibm:db2:9.1:fp6a::::::
	cpe:2.3:a:ibm:db2:8.2:fp17::::::
	cpe:2.3:a:ibm:db2:8.2:fp5::::::
	cpe:2.3:a:ibm:db2:8.2:fp8::::::
	cpe:2.3:a:ibm:db2:9.1:::::::*
	cpe:2.3:a:ibm:db2:8.2:fp2::::::
	cpe:2.3:a:ibm:db2:9.5:fp1::::::
	cpe:2.3:a:ibm:db2:9.1:fp3::::::
	cpe:2.3:a:ibm:db2:8.2:fp15::::::
	cpe:2.3:a:ibm:db2:9.5:fp2a::::::
	cpe:2.3:a:ibm:db2:9.1:fp6::::::
	cpe:2.3:a:ibm:db2:8.2:fp6::::::
	cpe:2.3:a:ibm:db2:9.1:fp2::::::
	cpe:2.3:a:ibm:db2:9.5:fp3b::::::
	cpe:2.3:a:ibm:db2:9.5:fp2::::::
	cpe:2.3:a:ibm:db2:9.1:fp7::::::
	cpe:2.3:a:ibm:db2:9.5:fp3::::::
	cpe:2.3:a:ibm:db2:9.5:fp3a::::::
	cpe:2.3:a:ibm:db2:8.2:::::::*
	cpe:2.3:a:ibm:db2:8.2:fp4::::::
	cpe:2.3:a:ibm:db2:8.2:fp14::::::
	cpe:2.3:a:ibm:db2:8.2:fp9::::::
	cpe:2.3:a:ibm:db2:8.2:fp16::::::
	cpe:2.3:a:ibm:db2:9.7:::::::*

Information

Published : 2009-12-16 10:30

Updated : 2010-06-28 21:00

NVD link : CVE-2009-4325

Mitre link : CVE-2009-4325

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

ibm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702", "name": "IC64702", "tags": [], "refsource": "AIXAPAR"}, {"url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/37332", "name": "37332", "tags": [], "refsource": "BID"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504", "name": "LI74504", "tags": [], "refsource": "AIXAPAR"}, {"url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/3520", "name": "ADV-2009-3520", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "tags": [], "refsource": "CONFIRM"}, {"url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500", "name": "LI74500", "tags": ["Exploit", "Vendor Advisory"], "refsource": "AIXAPAR"}, {"url": "http://secunia.com/advisories/37759", "name": "37759", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709", "name": "LI72709", "tags": ["Exploit", "Vendor Advisory"], "refsource": "AIXAPAR"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite \"external memory\" via unknown vectors, related to a missing \"check for null pointers.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-4325", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": true, "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-12-16T18:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:fp16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-06-29T04:00Z"}

6.4 /10