CVE-2003-0837
CVSS 7.5
Published: 2003-11-17 00:00:00
Last revised: 2016-10-17 22:37:46

[Original] Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.


[CNNVD] IBM DB2 Invoke Stored Procedure Remote Buffer Overflow Vulnerability (CNNVD-200311-063)

        
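        DB2 is IBM's relational database software.
        DB2 lacks sufficient buffer boundary checks when processing the INVOKE stored-procedure command. A remote attacker can exploit this vulnerability to trigger a buffer overflow and possibly execute arbitrary instructions on the system with the privileges of the DB2 process.
        The DB2 INVOKE command calls stored procedures in the database, an interface also known as the Database Application Remote Interface (DARI). An attacker who submits a specially crafted INVOKE command can trigger a buffer overflow, and carefully constructed input may execute arbitrary instructions on the system with the privileges of the DB2 process. On Windows systems this is generally system privileges.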
        

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

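- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found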

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0837
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0837
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200311-063
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=106503709914622&w=2
(UNKNOWN)  BUGTRAQ  20031001 ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability
http://www.securityfocus.com/bid/8743
(VENDOR_ADVISORY)  BID  8743
http://xforce.iss.net/xforce/xfdb/13331
(UNKNOWN)  XF  db2-invoke-bo(13331)

- Vulnerability information

IBM DB2 Invoke Stored Procedure Remote Buffer Overflow Vulnerability
High risk  Boundary Condition Error
2003-11-17 00:00:00 2005-10-20 00:00:00
Remote
        
        

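- Advisories and patches

        Vendor patch:
        IBM
        ---
        The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page: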
        
        http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report

- Vulnerability information (F31745)

ptl-2003-02 (PacketStormID:F31745)
2003-10-01 00:00:00
Matt Moore  pentest.co.uk
advisory,overflow,arbitrary
windows
CVE-2003-0837

IBM DB2 version 7.2 for Windows is vulnerable to a stack overflow in the INVOKE command that allows any attacker with Connect privileges to execute arbitrary code as the Administrators group.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pentest Limited Security Advisory

IBM DB2 INVOKE Command Stack Overflow Vulnerability


Advisory Details
- ----------------

Title: IBM DB2 INVOKE Command Stack Overflow Vulnerability
Announcement date: 1st October 2003
Advisory Reference: ptl-2003-02
CVE Name: CAN-2003-0837
Product: IBM DB2 Universal Database
Vulnerability Type : Buffer Overflow
Vendor-URL: http://www.ibm.com/data/db2/udb
Vendor-Status: Fixpack Issued
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL: http://www.pentest.co.uk/


Vulnerability Description
- -------------------------

DB2 is IBM's relational database software. The IBM DB2 INVOKE
command invokes a procedure stored at the location of a database. It
is also known as the Database Application Remote Interface (DARI). The
server procedure executes at the location of the database, and returns
data to the client application.

This command is vulnerable to a stack based overflow that allows an
attacker with "Connect" privileges to the database to execute arbitrary
code on the vulnerable machine in the context of the Administrators
group on Windows NT.

The vulnerability is triggered by issuing a carefully crafted INVOKE
command.

Vulnerable Versions
- -------------------

IBM DB2 Universal Data Base v7.2 for Windows is vulnerable.

The vendor has stated that 'the problem was limited to Windows specific
code in v7 that was replaced in v8. So, the vulnerability does not
affect any of the UNIX or Linux versions, nor does it affect version 8.'

Vendor Status
- -------------

IBM:
- - Pentest Notification: 20-11-2002
- - Notification acknowledged by IBM: 22-11-2002
- - Fixes available from: 17-09-2003

Fix
- ---

Issue is fixed in Fixpak 10a for DB2 v7.2.

Fixpaks are available at:

http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report

Credit
- ------

This vulnerability was discovered by Matt Moore from Pentest Limited.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/ezPK4bMUolR4sycRAmxwAJ4pPb5jpOdEgeq8n/o/DAzpsMSdhwCfVB7f
iJSmNvYevCJbF/6tHcCh+v8=
=ACSr
-----END PGP SIGNATURE-----
    

- Vulnerability information

6386
IBM DB2 INVOKE Command Overflow
Local Access Required, Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

A remote overflow exists in the IBM DB2 INVOKE command. The database fails to protect against a carefully crafted INVOKE command, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with administrator privileges on Windows, resulting in a loss of integrity.

- Timeline

2003-10-01 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released Fixpak 10a for DB2 v7.2 to address this vulnerability.

- References

- Vulnerability author

- Vulnerability information

IBM DB2 Invoke Stored Procedure Buffer Overflow Vulnerability
Boundary Condition Error 8743
Yes No
2003-10-01 12:00:00 2009-07-11 11:56:00
The discovery of this vulnerability has been credited to Matt Moore.

- Affected software versions

IBM DB2 Universal Database for Windows 7.2
IBM DB2 Universal Database for Windows 7.1
IBM DB2 Universal Database for Solaris 7.2
IBM DB2 Universal Database for Linux 7.2
IBM DB2 Universal Database for HP-UX 7.2
IBM DB2 Universal Database for AIX 7.2

- Vulnerability discussion

A problem in IBM DB2 has been reported when specific queries are passed to the INVOKE stored procedure. Because of this, an attacker may be able to gain unauthorized access to system resources.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

IBM has released a Fixpack to address this issue.


IBM DB2 Universal Database for Windows 7.2

IBM DB2 Universal Database for AIX 7.2

IBM DB2 Universal Database for HP-UX 7.2

IBM DB2 Universal Database for Solaris 7.2

IBM DB2 Universal Database for Linux 7.2

- References

 

 
