IBM DB2 JDBC Applet Server远程拒绝服务漏洞

CVE ID：CVE-2009-2971 IBM DB2是一个大型的商业关系数据库系统，面向电子商务、商业资讯、内容管理、客户关系管理等应用，可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。 IBM DB2 JDBC Applet Server服务程序中的jdbcReadString函数存在一个安全漏洞，在转换UNICODE到ANSI字符的时候，没有判断报文中实际的字符串大小，而直接使用报文中的长度域。如果远程攻击者发送特殊构造的JDBC数据，无须认证即可导致JDBC Applet Server退出. IBM DB2 Universal Database...

NSFOCUS SA2009-02 : IBM DB2 JDBC Applet Server Remote DoS Vulnerability

NSFOCUS Security Advisory SA2009-02 IBM DB2 JDBC Applet Server Remote DoS Vulnerability Release Date: 2009-10-16 CVE ID: CVE-2009-2971 http://www.nsfocus.com/en/advisories/0902.html Affected system: ============== IBM DB2 Universal Database v8.1 Fixpak 15 v8.2 Fixpak 8 and lower versions IBM DB2...

Race condition

Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files...

Directory traversal

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. dot dot in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink...

Design/Logic Flaw

Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via 1 unspecified vectors where an attacker's umask is honored, 2 /etc/ld.so.preload, 3 certain "cron data file locations", and other unspecified vectors possibly involvi...

Authorization

IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details...

CVE-2007-4270

Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files...

CVE-2007-4273

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the 1 OSSEMEMDBG or 2 TRCLOGFILE environment variable in db2licd...

CVE-2007-4418

IBM DB2 UDB 8 prior to Fixpak 15 is reported to fail an authorization check, allowing remote authenticated users with a specific SELECT privilege to trigger an unknown impact via unspecified vectors. The entry notes a possible relation to CVE-2007-1089, but details are unclear. The provided conne...

CVE-2007-4275

IBM DB2 UDB 8.x (Fixpak 15) and 9.1 (Fixpak 3) have multiple local privilege-escalation vulnerabilities due to untrusted search paths and environment-based file/binary loading. Exploitable vectors include startup of the DB2 instance or FMP on Linux/Solaris, execution of executables while running ...

CVE-2007-4271

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. dot dot in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink...