Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

IBM DB2 database multiple security vulnerabilities
Published: 18.08.2007
Source: BUGTRAQ
SecurityVulns ID: 8068
Type: remote
Level: 6/10
Description: Directory traversal, buffer overflow, shared libraries loaded from insecure locations, files and directories manipulation.

Affected: IBM : DB2 9.1
CVE: CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.)
CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd.)
CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm).)
CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm).)
CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following.)
CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.)

Original document IDEFENSE, iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Directory Creation Vulnerability (18.08.2007)

IDEFENSE, iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Race Condition Vulnerabilities (18.08.2007)

IDEFENSE, iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple File Creation Vulnerabilities (18.08.2007)

document IDEFENSE, iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities (18.08.2007)

IDEFENSE, iDefense Security Advisory 08.16.07: IBM DB2 Universal Database buildDasPaths Buffer Overflow Vulnerability (18.08.2007)

IDEFENSE, iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Directory Traversal Vulnerability (18.08.2007)

Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)