Name: IBM DB2 rec2xml buffer overflow vulnerability
Systems Affected: DB2 8.1/7.x
Severity: High risk

Vulnerability Description:
- The rec2xml function in IBM's DB2 database server, which formats a string in XML, is vulnerable to a stack-based buffer overflow.
- This vulnerability can be exploited by passing an overly long 3rd parameter to the rec2xml function, allowing an attacker to control the flow of execution and potentially execute arbitrary code.

Fix Information:
- IBM has released a patch.
- The latest fixpak can be obtained from:
  - DB2 v8.1
  - DB2 v7.x

Assessment Tool:
- NGSSquirrel for DB2 can be used to check if your DB2 server is vulnerable.
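
A defender-side check for the condition described above, added here as an example and not part of the original advisory: it scans logged SQL statements for rec2xml calls whose third argument is unusually long. The 128-character limit, the function names and the sample log lines are assumptions, since the advisory states no length.

```python
import re

# Assumption: the advisory gives no overflow length, so this limit is a tunable guess.
MAX_THIRD_ARG_LEN = 128
CALL_RE = re.compile(r"\brec2xml\s*\(", re.IGNORECASE)

def split_args(sql, start):
    """Split a call's arguments, starting just after '(' at index start. Respects quoted
    strings ('' escapes a quote) and nested parens; None if the call never closes."""
    args, buf, depth, in_str, i = [], [], 0, False, start
    while i < len(sql):
        ch = sql[i]
        if in_str:
            if ch == "'" and sql[i + 1:i + 2] == "'":
                buf.append(ch)          # first half of the '' escape
                i += 1
            elif ch == "'":
                in_str = False
        elif ch == "'":
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:
                return args + ["".join(buf).strip()]
            depth -= 1
        elif ch == "," and depth == 0:
            args.append("".join(buf).strip())
            buf, ch = [], ""            # separator is not part of any argument
        buf.append(ch)
        i += 1
    return None

def flag_rec2xml(sql, limit=MAX_THIRD_ARG_LEN):
    """Return (offset, raw 3rd-argument length) per suspicious call; -1 if unterminated."""
    hits = []
    for m in CALL_RE.finditer(sql):
        args = split_args(sql, m.end())
        if args is None:
            hits.append((m.start(), -1))
        elif len(args) >= 3 and len(args[2]) > limit:
            hits.append((m.start(), len(args[2])))
    return hits

# Constructed statement-log lines with placeholder arguments (not real traffic).
SAMPLE_LOG = ["SELECT rec2xml(a, b, 'row', c) FROM t",
              "SELECT REC2XML(a, f(b, 1), '" + "x" * 300 + "', c) FROM t"]
print([flag_rec2xml(s) for s in SAMPLE_LOG])
```

The check only sees literal arguments in the statement text; a third argument supplied through a parameter marker or host variable has to be inspected where the bound value is available.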