cpe:/a:ibm:db2:9.5 cpe:/a:ibm:db2:9.5:fp1 cpe:/a:ibm:db2:9.5:fp2 cpe:/a:ibm:db2:9.5:fp2a cpe:/a:ibm:db2:9.5:fp3 cpe:/a:ibm:db2:9.5:fp3a cpe:/a:ibm:db2:9.5:fp3b cpe:/a:ibm:db2:9.5:fp4 cpe:/a:ibm:db2:9.5:fp4a cpe:/a:ibm:db2:9.5:fp5 CVE-2010-3731 2010-10-05T14:00:32.940-04:00 2017-09-18T21:31:32.097-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-10-05T17:33:00.000-04:00 SECUNIA 41686 BID 46077 VUPEN ADV-2010-2544 AIXAPAR IC69986 AIXAPAR IC70539 CONFIRM ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21426108 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-035 Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.