CVE-2002-1583
CVSS7.2
发布时间 :2004-09-28 00:00:00
修订时间 :2008-09-05 16:30:59
NMCOS    

[原文]Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.


[CNNVD]IBM DB2 db2ckpw本地缓冲区溢出漏洞(CNNVD-200409-065)

        
        IBM DB2是一款由IBM公司开发的强大的数据库系统,适合于多种操作系统下使用,其中'db2ckpw'程序以setuid root方式安装,作为验证机制的一部分使用。
        'db2ckpw'程序对用户名的数据检查缺少正确的处理,可导致本地攻击者进行缓冲溢出区攻击。
        'db2ckpw'程序对大于8个字符长度用户名处理存在漏洞,本地攻击者可以提交包含多个字符的用户名给'db2ckpw'程序,可导致产生缓冲区溢出,精心构建字符串数据可使攻击者以root权限执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:ibm:db2_universal_database:8.2::windows
cpe:/a:ibm:db2_universal_database:7.0::linux
cpe:/a:ibm:db2_universal_database:7.1::linux
cpe:/a:ibm:db2_universal_database:7.2::linux
cpe:/a:ibm:db2_universal_database:6.0IBM DB2 Universal Database 6.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1583
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1583
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200409-065
(官方数据源) CNNVD

- 其它链接及资源

http://www.securitytracker.com/alerts/2002/May/1004352.html
(VENDOR_ADVISORY)  IBM  MSS-OAR-E01-2002:318.1
http://www.securityfocus.com/bid/4817
(VENDOR_ADVISORY)  BID  4817
http://www.iss.net/security_center/static/9078.php
(VENDOR_ADVISORY)  XF  ibm-db2-db2ckpw-bo(9078)

- 漏洞信息

IBM DB2 db2ckpw本地缓冲区溢出漏洞
高危 边界条件错误
2004-09-28 00:00:00 2005-10-20 00:00:00
本地  
        
        IBM DB2是一款由IBM公司开发的强大的数据库系统,适合于多种操作系统下使用,其中'db2ckpw'程序以setuid root方式安装,作为验证机制的一部分使用。
        'db2ckpw'程序对用户名的数据检查缺少正确的处理,可导致本地攻击者进行缓冲溢出区攻击。
        'db2ckpw'程序对大于8个字符长度用户名处理存在漏洞,本地攻击者可以提交包含多个字符的用户名给'db2ckpw'程序,可导致产生缓冲区溢出,精心构建字符串数据可使攻击者以root权限执行任意指令。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 在防火墙上对DB2数据库进行访问控制,只允许可信用户访问。
        厂商补丁:
        IBM
        ---
        IBM已经为此发布了一个安全公告(MSS-OAR-E01-2002:318.1)以及相应补丁:
        MSS-OAR-E01-2002:318.1:Buffer overflow vulnerability in DB2 for AIX, Linux, Solaris, and HP-UX
        链接:
        http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.318.1

        补丁下载:
        IBM DB2 Universal Database for AIX 6.0:
        IBM Hotfix FP10_U482111
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv61/FP10_U482111/
        FixPack 10 for DB2 V6 for AIX.
        IBM DB2 Universal Database for HP-UX 6.0:
        IBM Hotfix FP10_U482113
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp10v61/FP10_U482113/
        FixPack 10 for DB2 V6 for HP-UX 10.x.
        IBM Hotfix FP10_U482114
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp11v61/FP10_U482114/
        FixPack 10 for DB2 V6 for HP-UX 11.x.
        IBM DB2 Universal Database for Linux 6.0:
        IBM Hotfix FP10_IP22471
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv61/FP10_IP22471/
        FixPack 10 for DB2 V6 for Linux.
        IBM DB2 Universal Database for Solaris 6.0:
        IBM Hotfix FP10_U482112
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv61/FP10_U482112/
        FixPack 10 for DB2 V6 for Solaris.
        IBM DB2 Universal Database for Linux 6.1:
        IBM Hotfix FP10_IP22471
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv61/FP10_IP22471/
        FixPack 10 for DB2 V6 for Linux.
        IBM DB2 Universal Database for HP-UX 6.1:
        IBM Hotfix FP10_U482113
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp10v61/FP10_U482113/
        FixPack 10 for DB2 V6 for HP-UX 10.x.
        IBM Hotfix FP10_U482114
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp11v61/FP10_U482114/
        FixPack 10 for DB2 V6 for HP-UX 11.x.
        IBM DB2 Universal Database for Solaris 6.1:
        IBM Hotfix FP10_U482112
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv61/FP10_U482112/
        FixPack 10 for DB2 V6 for Solaris.
        IBM DB2 Universal Database for AIX 6.1:
        IBM Hotfix FP10_U482111
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv61/FP10_U482111/
        FixPack 10 for DB2 V6 for AIX.
        IBM DB2 Universal Database for AIX 7.0:
        IBM Hotfix FP6_U481406
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP6_U481406/
        FixPack 6 for DB2 V7 for AIX.
        IBM Hotfix FP6_U481407
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix43-64v7/FP6_U481407/
        FixPack 6 for DB2 V7 for AIX43-64.
        IBM Hotfix FP6_U481408
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix5-64v7/FP6_U481408/
        FixPack 6 for DB2 V7 for AIX5-64.
        IBM DB2 Universal Database for Linux 7.0:
        IBM Hotfix FP6_U481413
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv7/FP6_U481413/
        FixPack 6 for DB2 V7 for Linux.
        IBM APAR FP6_MI00038
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linux390v7/FP6_MI00038/
        FixPack 6 for DB2 V7 for Linux390.
        IBM DB2 Universal Database for HP-UX 7.0:
        IBM Hotfix FP6_U481411
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hpv7/FP6_U481411/
        FixPack 6 for DB2 V7 for HP-UX 11.x.
        IBM Hotfix FP6_U481412
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp64v7/FP6_U481412/
        FixPack 6 for DB2 V7 for HP64.
        IBM DB2 Universal Database for Solaris 7.0:
        IBM Hotfix FP6_U481409
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv7/FP6_U481409/
        FixPack 6 for DB2 V7 for Solaris.
        IBM Hotfix FP6_U481410
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sun64v7/FP6_U481410/
        FixPack 6 for DB2 V7 for Solaris (64-bit).
        IBM DB2 Universal Database for Solaris 7.1:
        IBM Hotfix FP6_U481409
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv7/FP6_U481409/
        FixPack 6 for DB2 V7 for Solaris.
        IBM Hotfix FP6_U481410
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sun64v7/FP6_U481410/
        FixPack 6 for DB2 V7 for Solaris (64-bit).
        IBM DB2 Universal Database for Linux 7.1:
        IBM Hotfix FP6_U481413
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv7/FP6_U481413/
        FixPack 6 for DB2 V7 for Linux.
        IBM APAR FP6_MI00038
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linux390v7/FP6_MI00038/
        FixPack 6 for DB2 V7 for Linux390.
        IBM DB2 Universal Database for HP-UX 7.1:
        IBM Hotfix FP6_U481411
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hpv7/FP6_U481411/
        FixPack 6 for DB2 V7 for HP-UX 11.x.
        IBM Hotfix FP6_U481412
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp64v7/FP6_U481412/
        FixPack 6 for DB2 V7 for HP64.
        IBM DB2 Universal Database for AIX 7.1:
        IBM Hotfix FP6_U481406
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP6_U481406/
        FixPack 6 for DB2 V7 for AIX.
        IBM Hotfix FP6_U481407
        ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix43-64v7/FP6_U481407/
        F

- 漏洞信息

16001
IBM DB2 db2ckpw Username Variable Local Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-05-10 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

IBM DB2 db2ckpw Buffer Overflow Vulnerability
Boundary Condition Error 4817
No Yes
2002-05-24 12:00:00 2009-07-11 12:46:00
Announced in IBM Security Advisory MSS-OAR-E01-2002:318.1.

- 受影响的程序版本

IBM DB2 Universal Database for Solaris 7.2
IBM DB2 Universal Database for Solaris 7.1
IBM DB2 Universal Database for Solaris 7.0
IBM DB2 Universal Database for Solaris 6.1
IBM DB2 Universal Database for Solaris 6.0
IBM DB2 Universal Database for Linux 7.2
IBM DB2 Universal Database for Linux 7.1
IBM DB2 Universal Database for Linux 7.0
IBM DB2 Universal Database for Linux 6.1
- Caldera OpenLinux 2.4
- RedHat Linux 7.0
- S.u.S.E. Linux 7.0
- Turbolinux Turbolinux 6.0.4
IBM DB2 Universal Database for Linux 6.0
IBM DB2 Universal Database for HP-UX 7.2
IBM DB2 Universal Database for HP-UX 7.1
IBM DB2 Universal Database for HP-UX 7.0
IBM DB2 Universal Database for HP-UX 6.1
IBM DB2 Universal Database for HP-UX 6.0
IBM DB2 Universal Database for AIX 7.2
IBM DB2 Universal Database for AIX 7.1
IBM DB2 Universal Database for AIX 7.0
IBM DB2 Universal Database for AIX 6.1
IBM DB2 Universal Database for AIX 6.0

- 漏洞讨论

IBM DB2 includes the utility 'db2ckpw' as part of it's authentication system. By default, db2ckpw is installed setuid root.

An exploitable buffer overflow vulnerability exists in db2ckpw. It is possible to trigger the condition by supplying a username value greater than 8 characters in length. Exploitation of this vulnerability may allow for local attackers to gain root privileges.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

IBM has released FixPaks:


IBM DB2 Universal Database for AIX 6.0

IBM DB2 Universal Database for Linux 6.0

IBM DB2 Universal Database for HP-UX 6.0

IBM DB2 Universal Database for Solaris 6.0

IBM DB2 Universal Database for AIX 6.1

IBM DB2 Universal Database for HP-UX 6.1

IBM DB2 Universal Database for Linux 6.1

IBM DB2 Universal Database for Solaris 6.1

IBM DB2 Universal Database for Solaris 7.0

IBM DB2 Universal Database for HP-UX 7.0

IBM DB2 Universal Database for Linux 7.0

IBM DB2 Universal Database for AIX 7.0

IBM DB2 Universal Database for Solaris 7.1

IBM DB2 Universal Database for Linux 7.1

IBM DB2 Universal Database for AIX 7.1

IBM DB2 Universal Database for HP-UX 7.1

IBM DB2 Universal Database for Linux 7.2

IBM DB2 Universal Database for AIX 7.2

IBM DB2 Universal Database for Solaris 7.2

IBM DB2 Universal Database for HP-UX 7.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站