9 matches found
Security Bulletin: Buffer overflow in IBM® Db2® tool db2licm (CVE-2018-1710).
Summary: The Db2 tool db2licm is vulnerable to a buffer overflow. Vulnerability Details: CVEID: CVE-2018-1710 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) tool db2licm is affected by a buffer overflow vulnerability that can potentially result in arbitrary code executio...
Buffer overflow
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364...
CVE-2018-1710
CVE-2018-1710 affects IBM Db2 for Linux/UNIX/Windows (including DB2 Connect Server), specifically the db2licm tool on 10.1, 10.5 and 11.1. The root cause is a buffer overflow in db2licm that can lead to arbitrary code execution. IBM X-Force ID 146364 and IBM security bulletin details confirm affec...
CVE-2009-4330
IBM DB2 9.5 before FP5 is vulnerable in the Engine Utilities component (db2licm) with an unspecified impact and local attack vectors. Affected product/version: IBM DB2 UDB 9.5 prior to Fix Pack 5. Underlying issue: unspecified vulnerability in db2licm; CVSSv2 base 7.2 (LOCAL, HIGH). Remediation: ...
Design/Logic Flaw
Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involvi...
Format string
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRCLOGFILE environment variable in db2licd...
Design/Logic Flaw
Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as...
CVE-2007-4275
Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as...
CVE-2007-4273
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRCLOGFILE environment variable in db2licd...