Update Protection against IBM DB2 Universal Database receiveDASMessage Buffer Overflow Vulnerability

Check Point Reference: CPAI-2011-068
Date Published:
Severity:
Last Updated:
Source: Secunia Advisory: SA43059
Protection Provided by: Security Gateway
  • R75
IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
IBM DB2 9.1 prior to Fix Pack 10
IBM DB2 9.5 prior to Fix Pack 7
IBM DB2 9.7 prior to Fix Pack 3
Vulnerability Description
A heap buffer overflow vulnerability has been discovered in IBM DB2 Universal Database. IBM DB2 Database is a relational database management system that includes the DB2 Administration Server (DAS) service. The DAS assists the Control Center and Configuration Assistant in enabling remote administration of DB2 database instances. It provides job management and job scheduling, lets administrators view the results of completed jobs, and, in conjunction with the DB2 Discovery utility, provides a means for discovering information about the configuration of DB2 instances, databases, and other DB2 administration servers. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system.
Update/Patch Available
The vendor, IBM, has published an advisory covering this vulnerability.
Vulnerability Details
The vulnerability is due to insufficient bounds checking on a user-supplied buffer length value in a receiveDASMessage message. A remote attacker can exploit this issue by providing a malicious buffer length in a receiveDASMessage message. Successful exploitation of this vulnerability could result in arbitrary code execution on an affected system.
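
The bug class described above, as an added C example that is not IBM's or Check Point's code: a receiver that validates a sender-declared length before copying the payload into a heap buffer. The 4-byte length header, the MAX_PAYLOAD cap and every name below are assumptions for illustration; this page does not give the real DAS message layout.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical framing for illustration only (NOT the real DAS wire format):
 * a 4-byte big-endian payload length, followed by the payload. */
#define HDR_LEN      4u
#define MAX_PAYLOAD  4096u   /* assumed per-message cap */

enum msg_status { MSG_OK = 0, MSG_TRUNCATED, MSG_TOO_LARGE, MSG_LEN_MISMATCH, MSG_NOMEM };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unsafe pattern (the bug class the advisory describes): the declared length
 * is trusted, so a large value writes past the fixed-size heap buffer.
 *     char *buf = malloc(MAX_PAYLOAD);
 *     memcpy(buf, pkt + HDR_LEN, be32(pkt));
 */

/* Hardened receive: on MSG_OK, *out is a heap copy of the payload (caller frees). */
enum msg_status recv_msg_checked(const unsigned char *pkt, size_t pkt_len,
                                 unsigned char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (pkt_len < HDR_LEN)
        return MSG_TRUNCATED;              /* header itself is incomplete */

    uint32_t declared = be32(pkt);
    if (declared > MAX_PAYLOAD)
        return MSG_TOO_LARGE;              /* reject before allocating or copying */
    if ((size_t)declared > pkt_len - HDR_LEN)
        return MSG_LEN_MISMATCH;           /* claims more bytes than were received */

    unsigned char *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return MSG_NOMEM;
    memcpy(buf, pkt + HDR_LEN, declared);  /* bounded by both checks above */
    *out = buf;
    *out_len = declared;
    return MSG_OK;
}
```

The two length checks are independent: the first bounds the allocation and copy size, the second ensures the copy never reads past the bytes actually received.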

Protection Overview
This protection detects and blocks malicious receiveDASMessage messages sent to the vulnerable server. 

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to the SBP-2006-05 Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway: R75

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > IPS Software Blade > Application Intelligence > Database Protections IBM.
2. In the right pane, double-click the IBM DB2 Universal Database receiveDASMessage Buffer Overflow protection.
3. In the Protection Details window, click Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: IBM Protection Violation
Attack Information: IBM DB2 Universal Database receiveDASMessage buffer overflow

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > Enterprise Software, and select the IBM DB2 Database protection group.
3. Click IBM DB2 Universal Database receiveDASMessage Buffer Overflow (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: IBM DB2 Database
Description: IBM DB2 Universal Database receiveDASMessage Buffer Overflow