CVE-2014-3094: Buffer Overflow
First published: Thu Sep 04 2014(Updated: )
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Db2 | =9.7 | |
| IBM Db2 | =9.7.0.1 | |
| IBM Db2 | =9.7.0.2 | |
| IBM Db2 | =9.7.0.3 | |
| IBM Db2 | =9.7.0.4 | |
| IBM Db2 | =9.7.0.5 | |
| IBM Db2 | =9.7.0.6 | |
| IBM Db2 | =9.7.0.7 | |
| IBM Db2 | =9.7.0.8 | |
| IBM Db2 | =9.7.0.9 | |
| IBM Db2 | =9.7.0.9-a | |
| IBM Db2 | =9.8 | |
| IBM Db2 | =9.8.0.3 | |
| IBM Db2 | =9.8.0.4 | |
| IBM Db2 | =9.8.0.5 | |
| IBM Db2 | =10.1 | |
| IBM Db2 | =10.1.0.1 | |
| IBM Db2 | =10.1.0.2 | |
| IBM Db2 | =10.1.0.3 | |
| IBM Db2 | =10.1.0.4 | |
| IBM Db2 | =10.5 | |
| IBM Db2 | =10.5.0.1 | |
| IBM Db2 | =10.5.0.2 | |
| IBM Db2 | =10.5.0.3 | |
| IBM Db2 | =10.5.0.3-a | |
| Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/58616
- http://secunia.com/advisories/60845
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02291
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02593
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT02594
- http://www-01.ibm.com/support/docview.wss?uid=swg21681631
- http://www-01.ibm.com/support/docview.wss?uid=swg21683296
- http://www.securityfocus.com/bid/69550
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94260
Frequently Asked Questions
What is the severity of CVE-2014-3094?
CVE-2014-3094 has a critical severity rating due to its ability to allow remote authenticated users to execute arbitrary code.
How do I fix CVE-2014-3094?
To fix CVE-2014-3094, users should apply the relevant IBM DB2 patches or updates released after the vulnerable versions.
What versions are affected by CVE-2014-3094?
CVE-2014-3094 affects IBM DB2 versions 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4.
Who can exploit CVE-2014-3094?
CVE-2014-3094 can be exploited by remote authenticated users with permission to execute ALTER MODULE statements.
What are the potential impacts of CVE-2014-3094?
The potential impacts of CVE-2014-3094 include unauthorized code execution and significant compromise of the affected DB2 database.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm db2
- version/ibm db2/9.7
- version/ibm db2/9.7.0.1
- version/ibm db2/9.7.0.2
- version/ibm db2/9.7.0.3
- version/ibm db2/9.7.0.4
- version/ibm db2/9.7.0.5
- version/ibm db2/9.7.0.6
- version/ibm db2/9.7.0.7
- version/ibm db2/9.7.0.8
- version/ibm db2/9.7.0.9
- version/ibm db2/9.7.0.9-a
- version/ibm db2/9.8
- version/ibm db2/9.8.0.3
- version/ibm db2/9.8.0.4
- version/ibm db2/9.8.0.5
- version/ibm db2/10.1
- version/ibm db2/10.1.0.1
- version/ibm db2/10.1.0.2
- version/ibm db2/10.1.0.3
- version/ibm db2/10.1.0.4
- version/ibm db2/10.5
- version/ibm db2/10.5.0.1
- version/ibm db2/10.5.0.2
- version/ibm db2/10.5.0.3
- version/ibm db2/10.5.0.3-a
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows