IBM DB2 db2start Format String Arbitrary Code Execution

2003-11-08T10:38:25
ID OSVDB:2846
Type osvdb
Reporter KF(dotslash@snosoft.com)
Modified 2003-11-08T10:38:25

Description

Vulnerability Description

IBM DB2 contains a flaw that may allow a remote attacker to carry out a format string attack. The issue is caused by a format string error in the 'db2start' binary. The flaw may allow arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

References:

Vendor URL: http://www-306.ibm.com/software/data/db2/udb/
Vendor Specific Advisory URL
Secunia Advisory ID: 10173
Related OSVDB ID: 9499
Related OSVDB ID: 9500
Other Advisory URL: http://security-protocols.com/modules.php?name=News&file=article&sid=1628
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0033.html
ISS X-Force ID: 13633
CVE-2003-1051
Bugtraq ID: 8989