Several New DB2 and PostgresSQL Exploits in the Wild

Monday, February 07, 2011

Brent Huston

E313765e3bec84b2852c1c758f7244b6

Recently several new vulnerabilities, some with exploit code, have been made public in the DB2 database and PostgresSQL products.

Given the core sensitivity of the data and business processes often handled by these applications, we thought we would post about them.

If you are running these applications as a part of your core business processes, now might be a good time to check with the vendor support sites, download the available updates and get them into your maintenance windows as a critical update.

Given the exploit code availability and the ease of exploitation for a couple of these issues, their impact could be high if an attacker is in position to leverage them against your organization.

As with all of your applications, these should already be a part of your ongoing patching cycles, though these components are often missed or ignored as “too critical to patch”.

Don’t make that mistake.

If you would like more information about the issues or would like to schedule a briefing privately with one of our engineers, please give your account executive a call or email. 

Cross-posted from State of Security

Possibly Related Articles:
4393
Network->General
Patching Application Security Exploits Update PostgresSQL DB2
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.