Description
Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.
Affected products
- ibm / db2_universal_database6.0 – 6.0
- ibm / db2_universal_database7.0 – 7.0
- ibm / db2_universal_database7.1 – 7.1
- ibm / db2_universal_database7.2 – 7.2
- ibm / db2_universal_database8.2 – 8.2