Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.
Software | From | Fixed in |
---|---|---|
ibm / db2_universal_database | 7.0 | 7.0.x |
ibm / db2_universal_database | 7.1 | 7.1.x |
ibm / db2_universal_database | 7.2 | 7.2.x |
ibm / db2_universal_database | 8.1 | 8.1.x |