Next Generation Security Software reports multiple vulnerabilities in IBM DB2 Universal Databasemostly buffer overflowsthat could allow the execution of attack code.
Next Generation Security Software has reported multiple vulnerabilities in IBM DB2 Universal Database.
Twenty vulnerabilities were reported and designated as "critical" by Next Generation Security Software Ltd.
Most are buffer overflows,
which often can lead to the execution of attack code.
But NGS is delaying release of details of the vulnerabilities until Jan. 5, to provide time for IBM to address the problems and for customers to apply fixes.
IBM has released FixPaks 6a and 7a
to address the issues. IBM DB2 Universal Database
versions 8.0.0 and 8.1.0 for AIX, HP-UX, Solaris, Linux and Windows are affected.
The list of fixes in the FixPaks
is also unspecific as to the errors, as is typical for IBM.
Some frustrated IT organizations are turning to smaller, third-party developers for new internal auditing and monitoring tools for their databases. Click here to read more.
Just a month ago, NGS reported a different set of issues in different DB2 versions.
NGS said IBM patched two of those vulnerabilities, which were remotely exploitable buffer overflows that could allow for complete compromise of the affected database server or DOS (denial-of-service) attacks.
Check out eWEEK.coms Security Center
for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page