37 matches found
iDefense Security Advisory 02.22.07: IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities
IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities iDefense Security Advisory 02.22.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 22, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for higher end...
[SA21550] DB2 Universal Database Denial of Service Vulnerabilities
TITLE: DB2 Universal Database Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA21550 VERIFY ADVISORY: http://secunia.com/advisories/21550/ CRITICAL: Less critical IMPACT: DoS WHERE: From local network SOFTWARE: DB2 Universal Database 8.x http://secunia.com/product/857/ DESCRIPTION: Two...
IBM DB2 Universal Database multiple denial of service conditions
No description provided...
CVE-2005-4737
IBM DB2 Universal Database UDB 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service CPU consumption by "abnormally" terminating a connection, which prevents db2agents from being properly cleared...
CVE-2005-4735
IBM DB2 Universal Database UDB 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service application crash via 1 certain equality predicates that trigger self-removal, aka IY70808; and 2 a query with more than 32000 elements in the IN-list, aka LI70817...
Multiple IBM DB2 Universal Database vulnerabilities
Server crash on constant string processing in queries; endless loop on hash joins processing; multiple problems with invalid connection termination; unauthorized creation of routine based objects; array overflow on oversized number of elements in 'in' list; db2jd crash on certain clients...
CVE-2005-0417
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vend...
CVE-2005-0417
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vend...
CVE-2005-0417
Technical details for CVE-2005-0417 are not publicly available in the provided documents; NVD entries describe unknown impact and delayed disclosure. Monitor for updates.
CVE-2003-1050
Consolidated details from connected documents: IBM DB2 Universal Database 8.1 contains multiple buffer overflows that allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. The vulnerability is local-privilege escalation with pote...
CVE-2002-1583
CVE-2002-1583 describes a local buffer overflow in IBM DB2 Universal Database (DB2 UDB) versions 6.0 and 7.0, triggered by a long username read from a file descriptor argument within sqllib/security/db2ckpw. The underlying issue is a vulnerability in handling the username input that can overflow ...
CVE-2003-1049
CVE-2003-1049 affects IBM DB2 Universal Database 7 before FixPak 12, where DMS directories are created with insecure 777 permissions, allowing local users to modify or delete certain DB2 files. Root cause: insecure directory permissions on DMS components. Impact as per CVSS: partial confidentiali...
CVE-2002-1583
Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument...
CVE-2003-1051
CVE-2003-1051 affects IBM DB2 Universal Database 8.1. It describes multiple format-string vulnerabilities that could allow local users to execute arbitrary code via certain command-line arguments to db2start, db2stop, or db2govd. Root cause: format string handling issues in the involved binaries....
CVE-2001-0052
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query...
CVE-2001-0051
CVE-2001-0051 is linked to IBM DB2 UDB 6.1 where a default account/password enables remote access. Connected docs corroborate generic risk through default-db2 credentials (db2as, db2inst1, db2fenc1, etc.) and multiple related CVEs (CVE-1999-0501, CVE-1999-0502, CVE-2001-0051). OpenVAS/Nessus entr...
IBM DB2 SQL DOS
1.Description The DB2 Universal Database builds upon the stability and performance of DB2 on the mainframe and provides the features required in a distributed database product. DB2 Universal Database UDB is IBM's relational database server solution for the UNIX, OS/2 and Windows NT/2000 operating...