Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Moderately critical

IBM DB2 Multiple Vulnerabilities

-

Release Date:  2007-08-16    Last Update:  2008-07-11    Views:  14,255

Secunia Advisory SA26471

Where:

From local network

Impact:

Unknown, Security Bypass, Privilege escalation, DoS, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Multiple vulnerabilities have been reported in IBM DB2, some of which have unknown impacts, while others can be exploited by malicious, local users to bypass certain security restrictions, perform certain actions with escalated privileges, and gain escalated privileges, by malicious users to compromise a vulnerable system, or by malicious people to cause a DoS (Denial of Service).

1) Race condition errors when modifying symbolic links can be exploited to e.g. modify arbitrary files with root privileges.

2) An input validation error when using environment variables to save event information to a log file can be exploited to e.g. create arbitrary files on the system.

3) Errors when handling files with elevated privileges can be exploited to e.g. create or append to arbitrary files on the system.

4) Certain unspecified setuid-binaries create directory structures insecurely. These can be exploited to e.g. create arbitrary world-writable directories via symlink attacks.

5) Input validation errors when using environment variables to execute binaries or load libraries can be exploited to e.g. execute arbitrary code with root privileges.

6) A boundary error when processing certain unspecified environment variables can be exploited to cause a buffer overflow.

7) A boundary error in the sysproc.auth_list_groups_for_authid function within Base Service Utilities can be exploited to cause a stack-based buffer overflow by passing an overly long value (greater than 40 bytes) to the affected function.

This vulnerability is reported in version 9.1.

8) The problem is that a user may still be able to execute a method even if the privileges for the method has been revoked.

This vulnerability is reported in version 8.

9) An unspecified error related to incorrect authorization checks has been reported.

This vulnerability is reported in version 8.

10) Unspecified errors exists in db2licd, and the OSSEMEMDBG and TRC_LOG_FILE environment variables.

11) A boundary error when processing the DASPROF environment variable can be exploited to cause a buffer overflow.

12) An unspecified error exists during instance and FMP startup.

13) An unspecified error can be exploited to crash the DB2 server via a malformed connection request.

This vulnerability is reported in version 9.

The vulnerabilities are reported in versions 8 and 9.1, unless otherwise indicated.


Solution:
DB2 Universal Database 8:

Further details available to Secunia VIM customers

Provided and/or discovered by:
1) Joshua J. Drake, iDefense Labs
2) Discovered by an anonymous person and reported via iDefense Labs.
3) Discovered independently by:
* Joshua J. Drake, iDefense Labs
* An anonymous person, reported via iDefense Labs.
4) Discovered by an anonymous person and reported via iDefense Labs.
5) Discovered by an anonymous person and reported via iDefense Labs.
6) Discovered by an anonymous person and reported via iDefense Labs.
7) Ariel Sanchez, Application Security Inc.
8)-13) Reported by the vendor.

Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21268189
http://www-1.ibm.com/support/docview.wss?uid=swg1IY88226
http://www-1.ibm.com/support/docview.wss?uid=swg1JR25940
http://www-1.ibm.com/support/docview.wss?uid=swg21255352
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261
http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210
http://www-1.ibm.com/support/docview.wss?uid=swg1IY97936
http://www-1.ibm.com/support/docview.wss?uid=swg1IY97922
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ01828
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ00188

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=579
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=580
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=581
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=582
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=583

Application Security Inc.:
http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: IBM DB2 Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability