IBM DB2 db2licm Command Line Local Overflow

2003-09-18T00:00:00
ID OSVDB:2171
Type osvdb
Reporter CORE Security (advisories@coresecurity.com)
Modified 2003-09-18T00:00:00

Description

Vulnerability Description

A local overflow exists in IBM DB2. The 'db2licm' binary fails to perform proper bounds checking, resulting in a buffer overflow. By passing an overly long command-line argument to the binary, a malicious user can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

References:

Vendor URL: http://www-306.ibm.com/software/data/db2/udb/
Vendor Specific Solution URL: http://www-306.ibm.com/software/data/db2/udb/support/apars.html?aparno=IY47653
Secunia Advisory ID: 9779
Related OSVDB ID: 9501
Other Advisory URL: http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10
CVE-2003-0759
CIAC Advisory: n-154
Bugtraq ID: 8553