IBM DB2 database multiple security vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

IBM DB2 database multiple security vulnerabilities
Published: 23.02.2007
Source: BUGTRAQ
SecurityVulns ID: 7295
Type: local
Level: 6/10
Description: Multiple privilege escalations, file creation.

Affected: IBM : DB2 8.1
IBM : DB2 9.1
CVE: CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.)
CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.)
CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.)
CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.)
CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access.")

Original document IDEFENSE, iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability (23.02.2007)

IDEFENSE, iDefense Security Advisory 02.22.07: IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities (23.02.2007)

Discuss: Read or add your comments to this news (0 comments)