CVE-2003-0836
CVSS 7.5
Published: 2003-11-17 00:00:00
Last revised: 2008-09-10 15:20:37

[Original] Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command.


[CNNVD] IBM DB2 Remote LOAD Command Remote Buffer Overflow Vulnerability (CNNVD-200311-039)

        
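DB2 is IBM's relational database software.
DB2 lacks sufficient buffer boundary checks when processing the LOAD command. A remote attacker can exploit this vulnerability to trigger a buffer overflow and may be able to execute arbitrary instructions on the system with the privileges of the DB2 process.
The DB2 LOAD command is used to move data from files, named pipes, or devices into DB2 tables. An attacker who submits a specially crafted LOAD command can trigger a buffer overflow, and carefully constructed input may allow arbitrary instructions to be executed on the system with the privileges of the DB2 process.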
        

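- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]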

- CPE (affected platforms and products)

cpe:/a:ibm:db2_universal_database:8.1::aix
cpe:/a:ibm:db2_universal_database:7.2::linux

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0836
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0836
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200311-039
(Official data source) CNNVD

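- Other links and resources

- Vulnerability information

IBM DB2 Remote LOAD Command Remote Buffer Overflow Vulnerability
High risk, boundary condition error
2003-11-17 00:00:00 2005-10-20 00:00:00
Remote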
        
        

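- Advisories and patches

Vendor patch:
IBM
---
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:

http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report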

- Vulnerability information (F31744)

ptl-2003-01 (PacketStormID:F31744)
2003-10-01 00:00:00
Mark Rowe  pentest.co.uk
advisory,overflow
linux,windows
CVE-2003-0836

IBM DB2 versions 7.2 for Linux and Windows are both vulnerable to a stack overflow in the LOAD command that is both locally and remotely exploitable.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pentest Limited Security Advisory

IBM DB2 LOAD Command Stack Overflow Vulnerability


Advisory Details
- ----------------

Title: IBM DB2 LOAD Command Stack Overflow Vulnerability
Announcement date: 1st October 2003
Advisory Reference: ptl-2003-01
CVE Name: CAN-2003-0836
Product: IBM DB2 Universal Database
Vulnerability Type : Buffer Overflow
Vendor-URL: http://www.ibm.com/software/data/db2/udb
Vendor-Status: Fixpack Issued
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL: http://www.pentest.co.uk/


Vulnerability Description
- -------------------------

DB2 is IBM's relational database software. The IBM DB2 LOAD command,
moves data from files, named pipes, or devices into a DB2 table. This
command is vulnerable to a stack based overflow that allows an attacker
with "Connect" privileges to the database to execute arbitrary code on
the vulnerable machine, by default in the context of the Administrators
group on Windows and typically db2as or db2inst1 on Linux.

The vulnerability is triggered by issuing a carefully crafted LOAD
command.


Vulnerable Versions
- -------------------

IBM DB2 Universal Data Base v7.2 for Linux/x86 is vulnerable.
IBM DB2 Universal Data Base v7.2 for Windows is vulnerable.

According to the vendor IBM DB2 Universal Data Base v8.1 is also
vulnerable. Other IBM DB2 versions and target platforms were not
available for testing, but may be vulnerable as well.

The vendor stated that 'the problem was in common code and therefore
affected all platforms and both v7 and v8 (though not all of those would
have been exploitable).'

Vendor Status
- -------------

IBM:
- - Pentest Notification: 20-11-2002
- - Notification acknowledged by IBM: 22-11-2002
- - Fixes available from: 17-09-2003

Fix
- ---

Issue is fixed in Fixpak 10/10a for DB2 v7.2.
Issue is fixed in Fixpak 2 for DB2 v8.1.

Fixpaks are available at:

http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report



Credit
- ------

This vulnerability was discovered by Mark Rowe from Pentest Limited.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/ezMy4bMUolR4sycRAtr+AKCORME58vRDwEf+b0dhtOzBOsiI9QCfZQUQ
NeGBSN0Df5qH5ynQHAnKpqI=
=p2HP
-----END PGP SIGNATURE-----
    

- Vulnerability information

2629
IBM DB2 LOAD Command Overflow
Local Access Required, Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

A remote overflow exists in IBM DB2. The database fails to protect against a carefully crafted LOAD command, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with administrator privileges on Windows and as db2as or db2inst1 on Linux, resulting in a loss of integrity.

- Timeline

2003-10-01 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released Fixpak 10/10a for DB2 v7.2 and Fixpak 2 for DB2 v8.1 to address this vulnerability.

- Related references

- Vulnerability author

- Vulnerability information

IBM DB2 Remote LOAD Command Buffer Overrun Vulnerability
Boundary Condition Error 8742
Yes No
2003-10-01 12:00:00 2009-07-11 11:56:00
The discovery of this vulnerability has been credited to Mark Rowe.

- Affected program versions

IBM DB2 Universal Database for Windows 8.1
IBM DB2 Universal Database for Windows 8.0
IBM DB2 Universal Database for Windows 7.2
IBM DB2 Universal Database for Windows 7.1
IBM DB2 Universal Database for Linux 8.1
IBM DB2 Universal Database for Linux 8.0
IBM DB2 Universal Database for Linux 7.2
IBM DB2 Universal Database for Linux 7.1
IBM DB2 Universal Database for Linux 7.0

- Vulnerability discussion

A vulnerability has been discovered in IBM DB2. The problem occurs due to insufficient bounds checking when handling the LOAD command. As a result, a remote attacker with sufficient privileges may be capable of triggering a buffer overrun. This would effectively allow for the execution flow of IBM DB2 to be controlled, and could ultimately result in the execution of attacker-supplied code with the privileges of the target process.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

IBM has released a Fixpack to address this issue.


IBM DB2 Universal Database for Windows 7.2

IBM DB2 Universal Database for Linux 7.2

IBM DB2 Universal Database for Windows 8.1

IBM DB2 Universal Database for Linux 8.1

- Related references

 

 
