IBM DB2 db2govd Command Line Argument Local Overflow
2003-11-08T23:46:56
ID OSVDB:16000 Type osvdb Reporter OSVDB Modified 2003-11-08T23:46:56
Description
No description provided by the source
References:
Related OSVDB ID: 15998Related OSVDB ID: 15999
Other Advisory URL: http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0033.html
ISS X-Force ID: 13633
CVE-2003-1050
Bugtraq ID: 8990
{"cve": [{"lastseen": "2021-02-02T05:22:10", "description": "Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.", "edition": 3, "cvss3": {}, "published": "2004-09-28T04:00:00", "title": "CVE-2003-1050", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-1050"], "modified": "2017-07-11T01:29:00", "cpe": [], "id": "CVE-2003-1050", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1050", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "osvdb": [{"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2003-1050"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 16000](https://vulners.com/osvdb/OSVDB:16000)\n[Related OSVDB ID: 15999](https://vulners.com/osvdb/OSVDB:15999)\nOther Advisory URL: http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0033.html\nISS X-Force ID: 13633\n[CVE-2003-1050](https://vulners.com/cve/CVE-2003-1050)\nBugtraq ID: 8990\n", "modified": "2003-11-08T23:46:56", "published": "2003-11-08T23:46:56", "href": "https://vulners.com/osvdb/OSVDB:15998", "id": "OSVDB:15998", "type": "osvdb", "title": "IBM DB2 db2start Command Line Argument Local Overflow", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2003-1050"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 16000](https://vulners.com/osvdb/OSVDB:16000)\n[Related OSVDB ID: 15998](https://vulners.com/osvdb/OSVDB:15998)\nOther Advisory URL: http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0033.html\nISS X-Force ID: 13633\n[CVE-2003-1050](https://vulners.com/cve/CVE-2003-1050)\nBugtraq ID: 8990\n", "modified": "2003-11-08T23:46:56", "published": "2003-11-08T23:46:56", "href": "https://vulners.com/osvdb/OSVDB:15999", "id": "OSVDB:15999", "type": "osvdb", "title": "IBM DB2 db2stop Command Line Argument Local Overflow", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T20:48:35", "description": "IBM DB2 db2start Command Line Argument Local Overflow. CVE-2003-1050. Dos exploit for linux platform", "published": "2003-11-07T00:00:00", "type": "exploitdb", "title": "IBM DB2 db2start Command Line Argument Local Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-1050"], "modified": "2003-11-07T00:00:00", "id": "EDB-ID:23347", "href": "https://www.exploit-db.com/exploits/23347/", "sourceData": "source: http://www.securityfocus.com/bid/8990/info\r\n\r\nIBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges. \r\n\r\n[kf@RiotStarter adm]$ source /home/db2inst1/sqllib/db2profile\r\n[kf@RiotStarter adm]$ ./db2start `perl -e 'print \"A\" x 9901'`\r\nSegmentation fault", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/23347/"}, {"lastseen": "2016-02-02T20:48:42", "description": "IBM DB2 db2stop Command Line Argument Local Overflow. CVE-2003-1050 . Dos exploit for linux platform", "published": "2003-11-07T00:00:00", "type": "exploitdb", "title": "IBM DB2 db2stop Command Line Argument Local Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-1050"], "modified": "2003-11-07T00:00:00", "id": "EDB-ID:23348", "href": "https://www.exploit-db.com/exploits/23348/", "sourceData": "source: http://www.securityfocus.com/bid/8990/info\r\n \r\nIBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges. \r\n\r\n[kf@RiotStarter adm]$ ./db2stop `perl -e 'print \"A\" x 4001'`\r\nSegmentation fault", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/23348/"}, {"lastseen": "2016-02-02T20:48:50", "description": "IBM DB2 db2govd Command Line Argument Local Overflow. CVE-2003-1050. Dos exploit for linux platform", "published": "2003-11-07T00:00:00", "type": "exploitdb", "title": "IBM DB2 db2govd Command Line Argument Local Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-1050"], "modified": "2003-11-07T00:00:00", "id": "EDB-ID:23349", "href": "https://www.exploit-db.com/exploits/23349/", "sourceData": "source: http://www.securityfocus.com/bid/8990/info\r\n \r\nIBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges. \r\n\r\n[db2inst1@RiotStarter adm]$ ./db2govd stop a `perl -e 'print \"A\" x 65'`\r\nSegmentation fault ", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/23349/"}]}
