Security Alert: DB2 Flaws Surface

Next Generation Security Software reports multiple vulnerabilities in IBM DB2 Universal Database-mostly buffer overflows-that could allow the execution of attack code.

Next Generation Security Software has reported multiple vulnerabilities in IBM DB2 Universal Database.

Twenty vulnerabilities were reported and designated as "critical" by Next Generation Security Software Ltd. Most are buffer overflows, which often can lead to the execution of attack code.

But NGS is delaying release of details of the vulnerabilities until Jan. 5, to provide time for IBM to address the problems and for customers to apply fixes.

IBM has released FixPaks 6a and 7a to address the issues. IBM DB2 Universal Database versions 8.0.0 and 8.1.0 for AIX, HP-UX, Solaris, Linux and Windows are affected.

The list of fixes in the FixPaks is also unspecific as to the errors, as is typical for IBM.

/zimages/2/28571.gifSome frustrated IT organizations are turning to smaller, third-party developers for new internal auditing and monitoring tools for their databases. Click here to read more.

Just a month ago, NGS reported a different set of issues in different DB2 versions. NGS said IBM patched two of those vulnerabilities, which were remotely exploitable buffer overflows that could allow for complete compromise of the affected database server or DOS (denial-of-service) attacks.

/zimages/2/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

/zimages/2/77042.gif

Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page