90 matches found
CVE-2007-4270
Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files...
CVE-2007-4423
Stack-based buffer overflow in the AUTHLISTGROUPSFORAUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument...
CVE-2007-4275
Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to 1 DB2 instance or FMP startup on Linux and Solaris; 2 exec of executables while running as root on non-Windows systems, as...
CVE-2007-4273
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the 1 OSSEMEMDBG or 2 TRCLOGFILE environment variable in db2licd...
CVE-2007-4271
Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. dot dot in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink...
CVE-2007-4418
IBM DB2 UDB 8 prior to Fixpak 15 is reported to fail an authorization check, allowing remote authenticated users with a specific SELECT privilege to trigger an unknown impact via unspecified vectors. The entry notes a possible relation to CVE-2007-1089, but details are unclear. The provided conne...
CVE-2007-4275
IBM DB2 UDB 8.x (Fixpak 15) and 9.1 (Fixpak 3) have multiple local privilege-escalation vulnerabilities due to untrusted search paths and environment-based file/binary loading. Exploitable vectors include startup of the DB2 instance or FMP on Linux/Solaris, execution of executables while running ...
IBM DB2 < 8.1 FixPak 12 EXCSAT Long MGRLVLLS Message Remote DoS
According to its version, the installation of IBM DB2 running on the remote host may crash when it attempts to process a specially crafted CONNECT or ATTACH request sent during the initial handshake process. An unauthenticated, remote attacker can exploit this issue to overflow a buffer and crash...
[Full-disclosure] Details for BID 18428
DB2 UDB - Unauthenticated Buffer Overflow and DoS BID 18428 Background DB2 Universal Database UDBtm is a popular database software package from IBM available for legacy platforms as well as open systems Unix and Windows. Clients use a protocol called DRDA to communicate with the DB2 UDB server...
[SA21550] DB2 Universal Database Denial of Service Vulnerabilities
TITLE: DB2 Universal Database Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA21550 VERIFY ADVISORY: http://secunia.com/advisories/21550/ CRITICAL: Less critical IMPACT: DoS WHERE: From local network SOFTWARE: DB2 Universal Database 8.x http://secunia.com/product/857/ DESCRIPTION: Two...
CVE-2006-3067
Multiple unspecified vulnerabilities in IBM DB2 Universal Database UDB before 8.1 FixPak 12 allow remote attackers to cause a denial of service application crash via a 1 "long column list" in the a REPLACE INTO and b INSERT INTO portions of the LOAD command or a 2 large number of values in an IN...
CVE-2006-3068
IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 is affected by a remote denial of service due to a memory overwrite caused by sending "incorrect information" about the package name/creator. This CVE involves a flaw in how the database handles certain crafted input, leading to an application...
CVE-2006-3067
Multiple unspecified vulnerabilities in IBM DB2 Universal Database UDB before 8.1 FixPak 12 allow remote attackers to cause a denial of service application crash via a 1 "long column list" in the a REPLACE INTO and b INSERT INTO portions of the LOAD command or a 2 large number of values in an IN...
[SA20579] DB2 Universal Database Multiple Denial of Service Vulnerabilities
---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...
CVE-2005-4740
IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 is affected: remote authenticated users can cause a denial of service (db2jd service crash) by connecting from a downlevel client. The connected sources do not provide a specific fix version or mitigation; monitor for an official pat...
CVE-2005-4739
IBM DB2 Universal Database UDB 820 before version 8 FixPak 10 s050811 allows remote authenticated users to cause a denial of service application crash by using a table function for an instance of snapshottbreorg, which triggers a trap in sqlnrEStoEaction...
CVE-2005-4740
IBM DB2 Universal Database UDB 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service db2jd service crash by "connecting from a downlevel client."...
[SA17031] DB2 Universal Database Multiple Denial of Service Vulnerabilities
TITLE: DB2 Universal Database Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA17031 VERIFY ADVISORY: http://secunia.com/advisories/17031/ CRITICAL: Less critical IMPACT: Security Bypass, DoS WHERE: From local network SOFTWARE: DB2 Universal Database 8.x...
[VulnWatch] Patch available for high risk IBM DB2 Universal Database flaw
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Researchers at NGSSoftware have discovered a high risk vulnerability in IBM's DB2 Universal Database Version 8.1 and earlier. IBM has just released Fixpak 8 for DB2 UDB 8.1 which addresses the security flaw...
[VulnWatch] Patch available for IBM DB2 Universal Database flaws
Researchers at NGSSoftware have discovered multiple critical/high risk vulnerabilities in IBM's DB2 Universal Database. Versions affected include DB2 8.1 Fixpak 6 and earlier DB2 7.x Fixpak 11 and earlier Two of the issues, remotely exploitable buffer overflows, have been fixed in Fixpak 7 for DB...