CVE-2008-1998

The NNSTAT aka SYSPROC.NNSTAT procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter...

CVE-2008-1998

The NNSTAT aka SYSPROC.NNSTAT procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter...

CVE-2008-1998

CVE-2008-1998 affects IBM DB2 prior to FP16 on 8.x, prior to FP4a on 9.1, and prior to FP1 on 9.5 (Windows). The NNSTAT (SYSPROC.NNSTAT) procedure can be abused by remote authenticated users to overwrite arbitrary files via the log file parameter. No explicit exploit details or in-the-wild status...

IBM DB2数据库NNSTAT过程任意文件覆盖漏洞

BUGTRAQ ID: 28836 IBM DB2是一个大型的商业关系数据库系统，面向电子商务、商业资讯、内容管理、客户关系管理等应用，可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。 DB2默认所安装的NNSTAT过程用于检索昵称的当前可用统计，如果通过认证的攻击者提供已有文件作为日志文件参数的话，就会导致在系统上覆盖任意文件。 IBM DB2 Universal Database 9.5 IBM DB2 Universal Database 9.1 IBM DB2 Universal Database 8.0 IBM ---...