IBM DB2 SATADMIN.SATENCRYPT Overflow

2004-10-06T07:00:32
ID OSVDB:10514
Type osvdb
Reporter NGSSoftware Insight Security Research(nisr@nextgenss.com)
Modified 2004-10-06T07:00:32

Description

Vulnerability Description

A remote overflow exists in DB2. The 'SATENCRYPT' function in the 'SATADMIN' schema fails to perform proper bounds checking resulting in a stack based overflow. By passing an overly long parameter containing 40 bytes or more, a remote attacker can gain access to elevated privileges resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Short Description

A remote overflow exists in DB2. The 'SATENCRYPT' function in the 'SATADMIN' schema fails to perform proper bounds checking resulting in a stack based overflow. By passing an overly long parameter containing 40 bytes or more, a remote attacker can gain access to elevated privileges resulting in a loss of integrity.

References:

Vendor URL: http://www-306.ibm.com/software/data/db2/udb/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1011562 Secunia Advisory ID:12733 Related OSVDB ID: 12755 Related OSVDB ID: 10515 Related OSVDB ID: 10516 Related OSVDB ID: 10519 Related OSVDB ID: 12754 Related OSVDB ID: 10517 Related OSVDB ID: 10518 Related OSVDB ID: 10520 Related OSVDB ID: 12756 Related OSVDB ID: 12757 Related OSVDB ID: 10513 Related OSVDB ID: 10521 Related OSVDB ID: 10522 Related OSVDB ID: 10523 Other Advisory URL: http://www.nextgenss.com/advisories/db205012005E.txt Other Advisory URL: http://www.nextgenss.com/advisories/db2-01.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0027.html Keyword: APAR IY62040