CVE-2009-4325: Input Validation
First published: Wed Dec 16 2009(Updated: )
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DB2 Universal Database | =8.2-fp12 | |
| IBM DB2 Universal Database | =8.2-fp7 | |
| IBM DB2 Universal Database | =9.1-fp4 | |
| IBM DB2 Universal Database | =9.5 | |
| IBM DB2 Universal Database | =9.1-fp6a | |
| IBM DB2 Universal Database | =9.1-fp1 | |
| IBM DB2 Universal Database | =8.2-fp17 | |
| IBM DB2 Universal Database | =8.2-fp5 | |
| IBM DB2 Universal Database | =8.2-fp3 | |
| IBM DB2 Universal Database | =8.2-fp8 | |
| IBM DB2 Universal Database | =8.2-fp14 | |
| IBM DB2 Universal Database | =9.1 | |
| IBM DB2 Universal Database | =8.2-fp2 | |
| IBM DB2 Universal Database | =9.1-fp5 | |
| IBM DB2 Universal Database | =8.2-fp9 | |
| IBM DB2 Universal Database | =9.5-fp1 | |
| IBM DB2 Universal Database | =8.2-fp13 | |
| IBM DB2 Universal Database | =9.1-fp3 | |
| IBM DB2 Universal Database | =8.2-fp15 | |
| IBM DB2 Universal Database | =9.1-fp3a | |
| IBM DB2 Universal Database | =9.5-fp2a | |
| IBM DB2 Universal Database | =9.1-fp6 | |
| IBM DB2 Universal Database | =8.2-fp10 | |
| IBM DB2 Universal Database | =8.2-fp16 | |
| IBM DB2 Universal Database | =8.2-fp6 | |
| IBM DB2 Universal Database | =9.1-fp2 | |
| IBM DB2 Universal Database | =9.1-fp4a | |
| IBM DB2 Universal Database | =9.5-fp3b | |
| IBM DB2 Universal Database | =9.5-fp2 | |
| IBM DB2 Universal Database | =9.7 | |
| IBM DB2 Universal Database | =8.2-fp11 | |
| IBM DB2 Universal Database | =9.1-fp7 | |
| IBM DB2 Universal Database | =9.5-fp3 | |
| IBM DB2 Universal Database | =9.5-fp3a | |
| IBM DB2 Universal Database | =8.2-fp1 | |
| IBM DB2 Universal Database | =8.2 | |
| IBM DB2 Universal Database | =8.2-fp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702
- http://www-01.ibm.com/support/docview.wss?uid=swg21293566
- http://www.securityfocus.com/bid/37332
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504
- http://www.vupen.com/english/advisories/2009/3520
- http://www-01.ibm.com/support/docview.wss?uid=swg21412902
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500
- http://secunia.com/advisories/37759
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709
Frequently Asked Questions
What is the severity of CVE-2009-4325?
CVE-2009-4325 has a medium severity rating due to the potential for attackers to overwrite external memory.
How do I fix CVE-2009-4325?
To fix CVE-2009-4325, upgrade to IBM DB2 versions 8.2 FP18 or later, 9.1 FP8 or later, 9.5 FP5 or later, or 9.7 FP1 or later.
What versions of IBM DB2 are affected by CVE-2009-4325?
CVE-2009-4325 affects IBM DB2 versions 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1.
Is there a workaround for CVE-2009-4325?
There are no known effective workarounds for CVE-2009-4325; the recommended action is to apply the appropriate patches.
What type of attack does CVE-2009-4325 allow?
CVE-2009-4325 allows attackers to exploit a null pointer dereference vulnerability, potentially leading to arbitrary code execution.
- agent/type
- agent/remedy
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm db2 universal database
- version/ibm db2 universal database/8.2-fp12
- version/ibm db2 universal database/8.2-fp7
- version/ibm db2 universal database/9.1-fp4
- version/ibm db2 universal database/9.5
- version/ibm db2 universal database/9.1-fp6a
- version/ibm db2 universal database/9.1-fp1
- version/ibm db2 universal database/8.2-fp17
- version/ibm db2 universal database/8.2-fp5
- version/ibm db2 universal database/8.2-fp3
- version/ibm db2 universal database/8.2-fp8
- version/ibm db2 universal database/8.2-fp14
- version/ibm db2 universal database/9.1
- version/ibm db2 universal database/8.2-fp2
- version/ibm db2 universal database/9.1-fp5
- version/ibm db2 universal database/8.2-fp9
- version/ibm db2 universal database/9.5-fp1
- version/ibm db2 universal database/8.2-fp13
- version/ibm db2 universal database/9.1-fp3
- version/ibm db2 universal database/8.2-fp15
- version/ibm db2 universal database/9.1-fp3a
- version/ibm db2 universal database/9.5-fp2a
- version/ibm db2 universal database/9.1-fp6
- version/ibm db2 universal database/8.2-fp10
- version/ibm db2 universal database/8.2-fp16
- version/ibm db2 universal database/8.2-fp6
- version/ibm db2 universal database/9.1-fp2
- version/ibm db2 universal database/9.1-fp4a
- version/ibm db2 universal database/9.5-fp3b
- version/ibm db2 universal database/9.5-fp2
- version/ibm db2 universal database/9.7
- version/ibm db2 universal database/8.2-fp11
- version/ibm db2 universal database/9.1-fp7
- version/ibm db2 universal database/9.5-fp3
- version/ibm db2 universal database/9.5-fp3a
- version/ibm db2 universal database/8.2-fp1
- version/ibm db2 universal database/8.2
- version/ibm db2 universal database/8.2-fp4