CVE-2012-2197
Priority
Medium
Description
Stack-based buffer overflow in the Java Stored Procedure infrastructure in
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5,
and 10.1 allows remote authenticated users to execute arbitrary code by
leveraging certain CONNECT and EXECUTE privileges.
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5,
and 10.1 allows remote authenticated users to execute arbitrary code by
leveraging certain CONNECT and EXECUTE privileges.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2197
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555
Notes
tyhicks> A fix pack for 9.7 is not yet available as of 2012-07-25
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | deferred |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | deferred |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |