[VulnWatch] ptl-2003-01: IBM DB2 LOAD Command Stack Overflow Vulnerability

From: Pentest Security Advisories (alerts_at_pentest.co.uk)
Date: 10/01/03

  • Next message: Maarten Hartsuijker: "[VulnWatch] exploiting fortigate firewall through webinterface" 
    Date: Wed, 01 Oct 2003 20:09:55 +0000
To: vulnwatch@vulnwatch.org

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Pentest Limited Security Advisory

    IBM DB2 LOAD Command Stack Overflow Vulnerability

    Advisory Details
    - ----------------

    Title: IBM DB2 LOAD Command Stack Overflow Vulnerability
    Announcement date: 1st October 2003
    Advisory Reference: ptl-2003-01
    CVE Name: CAN-2003-0836
    Product: IBM DB2 Universal Database
    Vulnerability Type : Buffer Overflow
    Vendor-URL: http://www.ibm.com/software/data/db2/udb
    Vendor-Status: Fixpack Issued
    Remotely Exploitable: Yes
    Locally Exploitable: Yes
    Advisory URL: http://www.pentest.co.uk/

    Vulnerability Description
    - -------------------------

    DB2 is IBM's relational database software. The IBM DB2 LOAD command,
    moves data from files, named pipes, or devices into a DB2 table. This
    command is vulnerable to a stack based overflow that allows an attacker
    with "Connect" privileges to the database to execute arbitrary code on
    the vulnerable machine, by default in the context of the Administrators
    group on Windows and typically db2as or db2inst1 on Linux.

    The vulnerability is triggered by issuing a carefully crafted LOAD
    command.

    Vulnerable Versions
    - -------------------

    IBM DB2 Universal Data Base v7.2 for Linux/x86 is vulnerable.
    IBM DB2 Universal Data Base v7.2 for Windows is vulnerable.

    According to the vendor IBM DB2 Universal Data Base v8.1 is also
    vulnerable. Other IBM DB2 versions and target platforms were not
    available for testing, but may be vulnerable as well.

    The vendor stated that 'the problem was in common code and therefore
    affected all platforms and both v7 and v8 (though not all of those would
    have been exploitable).'

    Vendor Status
    - -------------

    IBM:
    - - Pentest Notification: 20-11-2002
    - - Notification acknowledged by IBM: 22-11-2002
    - - Fixes available from: 17-09-2003

    Fix
    - ---

    Issue is fixed in Fixpak 10/10a for DB2 v7.2.
    Issue is fixed in Fixpak 2 for DB2 v8.1.

    Fixpaks are available at:

    http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report

    Credit
    - ------

    This vulnerability was discovered by Mark Rowe from Pentest Limited.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQE/ezSS4bMUolR4sycRAmqXAJ9uDEOMegh3WR5LiB/HlyCT4/JraQCaAyA0
    BAvTQGVZJ82JWuKzok0ETnw=
    =uAXv
    -----END PGP SIGNATURE-----

  • Next message: Maarten Hartsuijker: "[VulnWatch] exploiting fortigate firewall through webinterface"

    Relevant Pages