90 matches found
CVE-2003-1049
CVE-2003-1049 affects IBM DB2 Universal Database 7 before FixPak 12, where DMS directories are created with insecure 777 permissions, allowing local users to modify or delete certain DB2 files. Root cause: insecure directory permissions on DMS components. Impact as per CVSS: partial confidentiali...
CVE-2003-0836
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command...
CVE-2003-0898
Affected software: IBM DB2 7.2 prior to FixPak 10a, and older versions including 7.1. Vulnerability: local users can overwrite arbitrary files and escalate privileges via a symlink attack on the db2job and db2job2 utilities. Root cause: insufficient access control around symbolic links leading to...
CVE-2003-0836
CVE-2003-0836 concerns IBM DB2 Universal Database: a stack-based buffer overflow in the LOAD command. Affected versions are DB2 UDB v7.2 before Fixpak 10/10a and v8.1 before Fixpak 2. An attacker with Connect privileges can execute arbitrary code. IBM fixed the issue via Fixpak 10/10a for v7.2 an...
PT-2003-1903 · Ibm · Ibm Db2 Universal Database
Name of the Vulnerable Software and Affected Versions: IBM DB2 Universal Data Base versions 7.2 before Fixpak 10 and 10a IBM DB2 Universal Data Base versions 8.1 before Fixpak 2 Description: A stack-based buffer overflow issue allows attackers with Connect privileges to execute arbitrary code via...
ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pentest Limited Security Advisory IBM DB2 INVOKE Command Stack Overflow Vulnerability Advisory Details - ---------------- Title: IBM DB2 INVOKE Command Stack Overflow Vulnerability Announcement date: 1st October 2003 Advisory Reference: ptl-2003-02 CV...
ptl-2003-01: IBM DB2 LOAD Command Stack Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pentest Limited Security Advisory IBM DB2 LOAD Command Stack Overflow Vulnerability Advisory Details - ---------------- Title: IBM DB2 LOAD Command Stack Overflow Vulnerability Announcement date: 1st October 2003 Advisory Reference: ptl-2003-01 CVE...
CVE-2003-0827
CVE-2003-0827 concerns the IBM DB2 Discovery Service. The DB2 discovery service on UDP port 523 can be crashed by a remote attacker sending a long UDP packet, causing a denial of service. The issue is associated with IBM DB2 before FixPak 10a. OpenVAS entries corroborate a UDP-based DoS affecting...
AppSecInc Security Alert: Denial of Service Vulnerability in DB2 Discovery Service
Denial of Service Vulnerability in DB2 Discovery Service To determine if you should apply this patch, download AppDetective for DB2 from http://www.appsecinc.com/products/appdetective/db2/ Risk level: Low Summary: IBM DB2 provides a UDP service used as a discovery service for locating DB2 databas...
CVE-2003-0758
IBM DB2 Universal Data Base v7.2 for Linux/x86 and Linux/s390 are vulnerable to a local buffer-overflow in two setuid binaries, db2dart and db2licm. A long command-line argument can cause a stack-based overflow, allowing a local attacker to execute arbitrary code with root privileges. Affected ve...