4373 matches found
CVE-2003-0759
Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument...
CVE-2003-0759
CVE-2003-0759 describes a local privilege escalation in IBM DB2 Universal Data Base 7.2 for Linux (x86 and s390) via a stack-based buffer overflow in the setuid binary db2licm. The issue is triggered by a long command line and can grant root privileges. Vendor fixes are provided in Fixpak 10a for...
Multiple IBM DB2 bugs
Format string bugs, buufer overflows...
CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
Core Security Technologies Advisory http://www.coresecurity.com Multiple IBM DB2 Stack Overflow Vulnerabilities Date Published: 2003-09-18 Last Update: 2003-09-18 Advisory ID: CORE-2003-0531 Bugtraq ID: 8552, 8553 CVE Name: CAN-2003-0758, CAN-2003-0759 Title: Multiple IBM DB2 Stack Overflow...
IBM DB2 db2dart - Buffer Overflow
IBM DB2 db2dart - Buffer Overflow source: https://www.securityfocus.com/bid/8552/info It has been reported that the IBM DB2 db2dart utility is prone to locally exploitable buffer overflow vulnerability. A local attacker, who can authenticate or has access as the db2as user, may exploit this issue...
Multiple IBM DB2 Stack Overflow Vulnerabilities
Advisory ID Internal CORE-2003-0531 Vulnerability Information: Date Published: 2003-09-18 Last Update: 2003-09-17 Advisory ID: CORE-2003-0531 Bugtraq ID:8552, 8553 CVE Name:CAN-2003-0758, CAN-2003-0759 Title: Multiple IBM DB2 Stack Overflow Vulnerabilities Class: Boundary Error Condition Buffer...
IBM DB2 db2dart - Buffer Overflow
source: https://www.securityfocus.com/bid/8552/info It has been reported that the IBM DB2 db2dart utility is prone to locally exploitable buffer overflow vulnerability. A local attacker, who can authenticate or has access as the db2as user, may exploit this issue to execute arbitrary instructions...
Local Vulnerability in IBM DB2 7.1 db2job binary
Title: Local Vulnerability in IBM DB2 7.1 db2job binary Date: 27-07-2003 Platform: Only tested in Linux but can be exported to others. Impact: Users with exec perm over ./db2as/sqllib/adm/db2job can create files with 770 mode and owned by root. Author: Juan Manuel Pascual Escriba [email protected]...
Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries
Title: Local Vulnerability in IBM DB2 7.1 - 8.1 all binaries Date: 27-07-2003 Platform: Only tested in Linux but can be exported to others. Only versions 7.1 and Enterprise Server Edition v8.1 were checked but could affect other versions. Impact: Slight privilege elevation from bin to root. Autho...
IBM DB2 privilege escalation
db2job allows to write any file...
IBM DB2 db2job - File Overwrite
IBM DB2 db2job - File Overwrite source: https://www.securityfocus.com/bid/8344/info IBM's DB2 database ships with a utility called db2job, installed with permissions 4550 and owned by root.db2asgrp. It has been reported that db2job writes to a number of files with root privileges. The files writt...
IBM DB2 - Shared Library Injection
IBM DB2 - Shared Library Injection source: https://www.securityfocus.com/bid/8346/info IBM DB2 ships with a number of shared libraries, stored in a directory owned by the user and group 'bin'. As setuid root utilities are linked to these libraries, their ownership by a user and group of a lower...
IBM DB2 db2job - File Overwrite
source: https://www.securityfocus.com/bid/8344/info IBM's DB2 database ships with a utility called db2job, installed with permissions 4550 and owned by root.db2asgrp. It has been reported that db2job writes to a number of files with root privileges. The files written to are created with 0770...
IBM DB2 - Shared Library Injection
source: https://www.securityfocus.com/bid/8346/info IBM DB2 ships with a number of shared libraries, stored in a directory owned by the user and group 'bin'. As setuid root utilities are linked to these libraries, their ownership by a user and group of a lower privilege level constitutes a...
CVE-2001-1143
CVE-2001-1143 affects IBM DB2 7.0. A remote attacker can cause a denial-of-service (crash) by sending a single byte to (1) db2ccs.exe on port 6790 or (2) db2jds.exe on port 6789. This vulnerability is documented across multiple feeds (NVD, CVE List, Nessus/DOS plugin) with CVSSv2 vector AV:N/AC:L...
CVE-2001-1143
IBM DB2 7.0 allows a remote attacker to cause a denial of service crash via a single byte to 1 db2ccs.exe on port 6790, or 2 db2jds.exe on port 6789...
IBM DB2 Multiple CGI Single Byte Request Remote DoS
It was possible to crash the IBM DB2 database service by connecting to the affected service and sending just one byte to it. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10871; scriptversion"1.23";...
ibm.db2.dos.txt
IBM DB2 for Windows 98/NT/2000 run 2 services : db2ccs.exe listening on port 6790 and db2jds.exe port 6789. I may be wrong but these services are used to access data remotely and to remotely manage the database. Both can be crashed remotely: just telnet on their port, send one byte and then close...
CVE-2001-1143
IBM DB2 7.0 allows a remote attacker to cause a denial of service crash via a single byte to 1 db2ccs.exe on port 6790, or 2 db2jds.exe on port 6789...
IBM Windows DB2 DoS
Hi everybody. IBM DB2 for Windows 98/NT/2000 run 2 services : db2ccs.exe listening on port 6790 and db2jds.exe port 6789. I may be wrong but these services are used to access data remotely and to remotely manage the database. Both can be crashed remotely: just telnet on their port, send one byte...