|
IBM DB2 Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA26471
|
|
|
Release Date:
|
2007-08-16
|
|
Last Update:
|
2008-07-11
|
|
Popularity:
|
10,319 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Unknown
Security Bypass
Privilege escalation
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | IBM DB2 9.x
IBM DB2 Universal Database 8.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Multiple vulnerabilities have been reported in IBM DB2, some of which have unknown impacts, while others can be exploited by malicious, local users to bypass certain security restrictions, perform certain actions with escalated privileges, and gain escalated privileges, by malicious users to compromise a vulnerable system, or by malicious people to cause a DoS (Denial of Service).
1) Race condition errors when modifying symbolic links can be exploited to e.g. modify arbitrary files with root privileges.
2) An input validation error when using environment variables to save event information to a log file can be exploited to e.g. create arbitrary files on the system.
3) Errors when handling files with elevated privileges can be exploited to e.g. create or append to arbitrary files on the system.
4) Certain unspecified setuid-binaries create directory structures insecurely. These can be exploited to e.g. create arbitrary world-writable directories via symlink attacks.
5) Input validation errors when using environment variables to execute binaries or load libraries can be exploited to e.g. execute arbitrary code with root privileges.
6) A boundary error when processing certain unspecified environment variables can be exploited to cause a buffer overflow.
7) A boundary error in the sysproc.auth_list_groups_for_authid function within Base Service Utilities can be exploited to cause a stack-based buffer overflow by passing an overly long value (greater than 40 bytes) to the affected function.
This vulnerability is reported in version 9.1.
8) The problem is that a user may still be able to execute a method even if the privileges for the method has been revoked.
This vulnerability is reported in version 8.
9) An unspecified error related to incorrect authorization checks has been reported.
This vulnerability is reported in version 8.
10) Unspecified errors exists in db2licd, and the OSSEMEMDBG and TRC_LOG_FILE environment variables.
11) A boundary error when processing the DASPROF environment variable can be exploited to cause a buffer overflow.
12) An unspecified error exists during instance and FMP startup.
13) An unspecified error can be exploited to crash the DB2 server via a malformed connection request.
This vulnerability is reported in version 9.
The vulnerabilities are reported in versions 8 and 9.1, unless otherwise indicated.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
