IBM DB2 Multiple Vulnerabilities
Secunia Advisory: SA26471
Release Date: 2007-08-16
Last Update: 2008-07-11

Critical: Moderately critical
Impact: Unknown, Security Bypass, Privilege escalation, DoS, System access
Where: From local network
Solution Status: Vendor Patch

Software: DB2 Universal Database 8.x, IBM DB2 9.x

CVE reference: CVE-2007-4270, CVE-2007-4271, CVE-2007-4272, CVE-2007-4273, CVE-2007-4275, CVE-2007-4276, CVE-2007-4423, CVE-2007-4417, CVE-2007-4418


Description:
Multiple vulnerabilities have been reported in IBM DB2. Some have unknown impacts; others can be exploited by malicious, local users to bypass certain security restrictions, perform certain actions with escalated privileges, and gain escalated privileges; by malicious users to compromise a vulnerable system; or by malicious people to cause a DoS (Denial of Service).

1) Race condition errors when modifying symbolic links can be exploited to e.g. modify arbitrary files with root privileges.

2) An input validation error when using environment variables to save event information to a log file can be exploited to e.g. create arbitrary files on the system.

3) Errors when handling files with elevated privileges can be exploited to e.g. create or append to arbitrary files on the system.

4) Certain unspecified setuid-binaries create directory structures insecurely. These can be exploited to e.g. create arbitrary world-writable directories via symlink attacks.

5) Input validation errors when using environment variables to execute binaries or load libraries can be exploited to e.g. execute arbitrary code with root privileges.

6) A boundary error when processing certain unspecified environment variables can be exploited to cause a buffer overflow.

7) A boundary error in the sysproc.auth_list_groups_for_authid function within Base Service Utilities can be exploited to cause a stack-based buffer overflow by passing an overly long value (greater than 40 bytes) to the affected function.

This vulnerability is reported in version 9.1.

8) A user may still be able to execute a method even if the privileges for the method have been revoked.

This vulnerability is reported in version 8.

9) An unspecified error related to incorrect authorization checks has been reported.

This vulnerability is reported in version 8.

10) Unspecified errors exist in db2licd, and the OSSEMEMDBG and TRC_LOG_FILE environment variables.

11) A boundary error when processing the DASPROF environment variable can be exploited to cause a buffer overflow.

12) An unspecified error exists during instance and FMP startup.

13) An unspecified error can be exploited to crash the DB2 server via a malformed connection request.

This vulnerability is reported in version 9.

The vulnerabilities are reported in versions 8 and 9.1, unless otherwise indicated.
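
Items 1) to 4) all involve privileged code acting on file paths that a local user can influence through symbolic links or environment variables. The C example below is added here for illustration and is not IBM's or Secunia's code; it shows the defensive pattern for opening a log file whose name comes from an untrusted value. The function names, file names and scratch directory are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (or create) a log file named by an untrusted value (e.g. taken from
 * an environment variable) inside `dir`. Returns an fd, or -1 if unsafe. */
int open_log_safely(const char *dir, const char *name)
{
    struct stat st;
    int dfd, fd;
    /* Input validation: a bare file name only, no path components. */
    if (!name || !*name || name[0] == '.' || strchr(name, '/')) return -1;
    /* Pin the directory first; the file lookup is relative to this fd. */
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    /* O_NOFOLLOW: fail if the final component is a symbolic link. */
    fd = openat(dfd, name, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    close(dfd);
    if (fd < 0) return -1;
    /* Check the object actually opened, not the path: it must be a regular
     * file, owned by us, and not hard-linked from somewhere else. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: scratch directory (left in place) with a symlink. */
int demo(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", path[64];
    int fd, r = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/event.log", dir);
    if (symlink("elsewhere", path) != 0) return -1;
    if (open_log_safely(dir, "event.log") == -1) r |= 1;    /* symlink refused */
    if (open_log_safely(dir, "../event.log") == -1) r |= 2; /* traversal refused */
    if ((fd = open_log_safely(dir, "audit.log")) >= 0) { r |= 4; close(fd); }
    return r; /* 7 when all three checks behave as intended */
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

Checking the opened descriptor with fstat() instead of checking the path beforehand is what closes the race window between check and use.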

Solution:
DB2 Universal Database 8:
Update to version 8 Fixpak 15.
http://www-1.ibm.com/support/docview.wss?uid=swg21256235

DB2 Universal Database 9.1:
Update to version 9.1 Fixpak 3.
http://www-1.ibm.com/support/docview.wss?uid=swg21255572

NOTE: Due to permission issues, the vendor does not recommend installing Fixpak 15 or 16 for DB2 Universal Database 8 on Solaris platforms. Please see the vendor advisory for more information.
http://www-1.ibm.com/support/docview.wss?uid=swg21295375

Provided and/or discovered by:
1) Joshua J. Drake, iDefense Labs
2) Discovered by an anonymous person and reported via iDefense Labs.
3) Discovered independently by:
* Joshua J. Drake, iDefense Labs
* An anonymous person, reported via iDefense Labs.
4) Discovered by an anonymous person and reported via iDefense Labs.
5) Discovered by an anonymous person and reported via iDefense Labs.
6) Discovered by an anonymous person and reported via iDefense Labs.
7) Ariel Sanchez, Application Security Inc.
8)-13) Reported by the vendor.

Changelog:
2007-08-17: Updated additional information and links from iDefense Labs and IBM. Added CVE references.
2007-08-22: Added CVE reference.
2007-09-04: Updated advisory with additional "System Access" impact and additional information from Application Security Inc. Added additional links to IBM and Application Security Inc.
2007-10-26: Added additional IBM link.
2008-04-10: Added note to "Solution" section about issues with Fixpak 15 and 16 for DB2 Universal Database 8.
2008-07-11: Added vulnerability #13 and link to vendor advisory.

Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21268189
http://www-1.ibm.com/support/docview.wss?uid=swg1IY88226
http://www-1.ibm.com/support/docview.wss?uid=swg1JR25940
http://www-1.ibm.com/support/docview.wss?uid=swg21255352
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261
http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210
http://www-1.ibm.com/support/docview.wss?uid=swg1IY97936
http://www-1.ibm.com/support/docview.wss?uid=swg1IY97922
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ01828
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ00188

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=579
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=580
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=581
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=582
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=583

Application Security Inc.:
http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml

