[VIM] CVE-2007-5324 (IBM DB2JDS overflows) is a dupe of CVE-2007-2582
George A. Theall
theall at tenablesecurity.com
Sat Oct 13 01:26:01 UTC 2007
On 10/12/07 20:21, Steven M. Christey wrote:
> ZDI recently confirmed to me that the IBM DB2JDS overflows they just
> reported are already covered by CVE-2007-2582. The link between the
> two is APAR IY97750, which was vaguely written in the initial
> disclosure, but it's the proper fix for the ZDI overflows.
Ah, thanks for pointing that out.
What about the denial of service issues ZDI also reported (invalid LANG
parameter and MemTree overflow)? Neither is mentioned in IY97750, and I
couldn't find them in the list of APARs IBM claimed were addressed by
8.1 FixPak 15.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list