66 matches found
CVE-2007-4276
CVE-2007-4276: A stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local attackers to execute arbitrary code by sending a long value via the DASPROF environment variable (and possibly others) that is copied into the buildDasPaths buffer. Affected product...
CVE-2001-0051
CVE-2001-0051 is linked to IBM DB2 UDB 6.1 where a default account/password enables remote access. Connected docs corroborate generic risk through default-db2 credentials (db2as, db2inst1, db2fenc1, etc.) and multiple related CVEs (CVE-1999-0501, CVE-1999-0502, CVE-2001-0051). OpenVAS/Nessus entr...
CVE-2003-0827
CVE-2003-0827 concerns the IBM DB2 Discovery Service. The DB2 discovery service on UDP port 523 can be crashed by a remote attacker sending a long UDP packet, causing a denial of service. The issue is associated with IBM DB2 before FixPak 10a. OpenVAS entries corroborate a UDP-based DoS affecting...
CVE-2007-4270
CVE-2007-4270 affects IBM DB2 Universal Database (UDB) 8 before Fixpak 15 and 9.1 before Fixpak 3. Local users can elevate to root via a race condition involving symbolic links when handling privileged files. The issue is documented in multiple sources, including NVD and iDefense advisories, with...
CVE-2007-4275
IBM DB2 UDB 8.x (Fixpak 15) and 9.1 (Fixpak 3) have multiple local privilege-escalation vulnerabilities due to untrusted search paths and environment-based file/binary loading. Exploitable vectors include startup of the DB2 instance or FMP on Linux/Solaris, execution of executables while running ...
CVE-2006-6638
CVE-2006-6638 affects IBM DB2 UDB 8.1 before FixPak 14. A remote attacker can trigger a denial of service by sending a crafted SQLJRA packet, leading to a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL. This is the same issue described in CVE-2006-4257 family bu...
CVE-2007-5757
The CVE-2007-5757 issue concerns IBM DB2 UDB and specifically the db2pd component. A untrusted search path allows a local user to gain root privileges by manipulating the DB2INSTANCE environment variable to point to a malicious library. Affected versions are IBM DB2 UDB 8 before FixPak 16 and 9 b...
CVE-2007-4271
CVE-2007-4271 affects IBM DB2 Universal Database 8 (before Fixpak 15) and 9.1 (before Fixpak 3). Local attackers can cause directory traversal by an environment variable appended to /tmp/ for log file creation, enabling arbitrary file creation and potential privilege escalation via setuid-root bi...
CVE-2007-5664
DB2 DB2 Administration Server (DAS) component db2dasrrm is vulnerable to a local, symlink-based file-overwrite during initialization. Affected versions are IBM DB2 Universal Database: 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16. The underlying issue allows a local user t...
CVE-2007-1089
CVE-2007-1089 affects IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1. The vulnerability arises when local users with table SELECT privileges can execute unauthorized UPDATE and DELETE SQL commands via unknown vectors. Affected component appears to be the database access/authorization pat...
CVE-2008-3852
CVE-2008-3852 affects IBM DB2 Server via the CLR stored procedure deployment feature of IBM Database Add-Ins for Visual Studio. A vulnerability in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code through unknown vectors in the CLR dep...
CVE-2001-1143
CVE-2001-1143 affects IBM DB2 7.0. A remote attacker can cause a denial-of-service (crash) by sending a single byte to (1) db2ccs.exe on port 6790 or (2) db2jds.exe on port 6789. This vulnerability is documented across multiple feeds (NVD, CVE List, Nessus/DOS plugin) with CVSSv2 vector AV:N/AC:L...
CVE-2003-0759
CVE-2003-0759 describes a local privilege escalation in IBM DB2 Universal Data Base 7.2 for Linux (x86 and s390) via a stack-based buffer overflow in the setuid binary db2licm. The issue is triggered by a long command line and can grant root privileges. Vendor fixes are provided in Fixpak 10a for...
CVE-2007-4418
IBM DB2 UDB 8 prior to Fixpak 15 is reported to fail an authorization check, allowing remote authenticated users with a specific SELECT privilege to trigger an unknown impact via unspecified vectors. The entry notes a possible relation to CVE-2007-1089, but details are unclear. The provided conne...
CVE-2007-4423
CVE-2007-4423 : A stack-based buffer overflow in IBM DB2 UDB 9.1 (prior to Fixpak 3) occurs in the AUTH_LIST_GROUPS_FOR_AUTHID function. This vulnerability allows denial of service and may enable arbitrary code execution via a long argument. Affected product/version: IBM DB2 UDB 9.1 before Fixpak...
CVE-2007-6045
CVE-2007-6045 affects IBM DB2 UDB 9.1 before Fixpak 4, specifically the DB2WATCH and DB2FREEZE components. The description states an unspecified vulnerability with unknown impact and attack vectors; no explicit exploitation details, affected versions beyond the mentioned FixPak, or remediation ar...
CVE-2007-6053
CVE-2007-6053 affects IBM DB2 UDB 9.1 before Fixpak 4, where handling of a large number of file descriptors is not robust, potentially leading to memory corruption. The vendor description is vague, and the available documents do not provide a confirmed security impact, exploit details, or a state...
CVE-2001-0052
IBM DB2 Universal Database 6.1 is affected by CVE-2001-0052, where a malformed query can cause a denial of service. Affected product: IBM DB2 UDB 6.1. Vulnerability type: denial of service via malformed query. Root cause details are not provided in the supplied documents. Exploitation status and ...
CVE-2003-1049
CVE-2003-1049 affects IBM DB2 Universal Database 7 before FixPak 12, where DMS directories are created with insecure 777 permissions, allowing local users to modify or delete certain DB2 files. Root cause: insecure directory permissions on DMS components. Impact as per CVSS: partial confidentiali...
CVE-2004-1372
CVE-2004-1372 affects IBM DB2 7.x and 8.1. multiple stack-based buffer overflows allow local users to execute arbitrary code via (1) a long third argument to rec2xml, or (2) a long filename argument to generate_distfile. Root cause is stack-based overflow in these input paths; impact is local cod...
CVE-2005-4736
CVE-2005-4736 affects IBM DB2 Universal Database (UDB) 8.2 until FP10. The vulnerability allows remote authenticated users to cause a denial of service (disk consumption) by triggering an infinite loop in the hash-join path (hsjn) through sqlri_hsjnFlushBlocks. The issue is tied to the specific h...
CVE-2007-6048
CVE-2007-6048 : IBM DB2 UDB 9.1 before Fixpak 4 allegedly uses incorrect permissions on ACLs for DB2NODES.CFG. The NVD entry notes unknown impact and attack vectors; connected sources also reference this ACL issue among several vulnerabilities in DB2 9.x before Fix Pack 4. No explicit exploitatio...
CVE-2008-3858
The CVE-2008-3858 entry concerns IBM DB2 9.1’s Downlevel DB2RA Support component. A crafted CONNECT data stream simulating a V7 client connect request can remotely cause an instance crash (DoS) prior to Fixpak 4a. The description does not provide details on affected subcomponents beyond this, nor...
CVE-2007-4273
CVE-2007-4273 affects IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3. Local attackers could create arbitrary directories and execute arbitrary code by supplying a crafted localized message file that enables a format-string attack, potentially involving the OSSEMEMDBG or TRC_LOG_FILE envir...
CVE-2003-0836
CVE-2003-0836 concerns IBM DB2 Universal Database: a stack-based buffer overflow in the LOAD command. Affected versions are DB2 UDB v7.2 before Fixpak 10/10a and v8.1 before Fixpak 2. An attacker with Connect privileges can execute arbitrary code. IBM fixed the issue via Fixpak 10/10a for v7.2 an...
CVE-2010-3739
The CVE-2010-3739 issue affects IBM DB2 UDB 9.5 prior to Fix Pack 6a, where the audit facility in the Security component uses instance-level audit settings to capture CONNECT/AUTHENTICATION events in cases where database-level settings were intended. This could allow remote attackers to connect w...
CVE-2009-0172
CVE-2009-0172 affects IBM DB2 Server: versions 8 (before FP17a), 9.1 (before FP6a), and 9.5 (before FP3a) are vulnerable to a denial-of-service by processing a crafted DRDA CONNECT data stream. The root cause is insufficient input validation in handling malformed CONNECT data, which can cause the...
CVE-2005-0417
Technical details for CVE-2005-0417 are not publicly available in the provided documents; NVD entries describe unknown impact and delayed disclosure. Monitor for updates.
CVE-2007-6046
CVE-2007-6046 concerns IBM DB2 UDB 9.1 before Fixpak 4, with an unspecified vulnerability in unspecified setuid programs. The issue allows local users to impact the system in an unspecified manner. Documented details indicate the vulnerability is local-exploit, with no explicit vector, scope, or ...
CVE-2008-3853
CVE-2008-3853 is a buffer overflow in the IBM DB2 DAS (Database Administration Server) component that affected multiple DB2 releases. Connected documents show the root cause as a memory corruption/overflow in the DAS handling of remote administration requests, allowing a remote attacker to crash ...
CVE-2009-4150
CVE-2009-4150 describes a local vulnerability in IBM DB2 where the component/function dasauto can be exploited by unprivileged user accounts to achieve code execution on affected versions (DB2 8 before FP18; 9.1 before FP8; 9.5 before FP4; 9.7 before FP1). The impact is unspecified in the provide...
CVE-2005-4735
IBM DB2 Universal Database (UDB) 8.1 Release 810 before 8.1 FP10 is affected by a DoS vulnerability reported as CVE-2005-4735. The issue allows remote authenticated users to crash the application via two input-based vectors: (1) certain equality predicates that trigger self-removal (IY70808) and ...
CVE-2006-3068
IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 is affected by a remote denial of service due to a memory overwrite caused by sending "incorrect information" about the package name/creator. This CVE involves a flaw in how the database handles certain crafted input, leading to an application...
CVE-2008-3856
The CVE-2008-3856 entry concerns IBM DB2 on Unix/Linux where the db2fmp process does not change its ownership for DB2 versions 8 before FP17, 9.1 before FP5, and 9.5 before FP1. The underlying cause is stated as an ownership handling issue, with unknown impact and attack vectors; the provided doc...
CVE-2007-6051
CVE-2007-6051 concerns IBM DB2 UDB 9.1 before Fixpak 4, where privileges are assigned to the DB2ADMNS and DB2USERS groups in an incorrect way. The sources confirm the affected product and version but state the impact is unknown and that vendor descriptions are too vague to determine if it is secu...
CVE-2008-3854
CVE-2008-3854 affects IBM DB2 UDB (DB2 9.1 before Fix Pak 5 and 9.5 before Fixpak 1). The vulnerability consists of multiple stack-based buffer overflows in XML-related SQL semantics (XMLQUERY, XMLEXISTS, XMLTABLE) and the sqlrlaka function, allowing remote attackers to cause a denial of service ...
CVE-2004-0795
CVE-2004-0795 affects IBM DB2 Universal Database 8.1: the DB2RCMD remote command server (DB2REMOTECMD named pipe) can cause the db2rcmdc.exe process to run as the db2admin administrator, enabling a locally authenticated user to gain privileges. Public references describe an exploit path via the D...
CVE-2006-3066
CVE-2006-3066 affects IBM DB2 Universal Database (UDB) prior to 8.1 FixPak 12. The issue is a buffer overflow in the TCP/IP listener triggered by a long MGRLVLLS message inside an EXCSAT during connection establishment, which may allow a remote attacker to cause an application crash (DoS). This v...
CVE-2005-4737
CVE-2005-4737 affects IBM DB2 Universal Database (UDB) 8.2 before ESE AIX 5765F4100. The issue allows remote authenticated users to cause a denial of service (CPU consumption) by abnormally terminating a connection, which prevents db2agents from being properly cleared. Documentation consistently ...
CVE-2005-4863
CVE-2005-4863 describes a stack-based buffer overflow in IBM DB2’s db2fmp component, enabling local users to execute arbitrary code via a long parameter. Affected products include IBM DB2 Universal Database 7.x and 8.x (DB2 8.1). Root cause is a buffer overflow in db2fmp; impact is arbitrary code...
CVE-2005-4864
CVE-2005-4864 describes a stack-based buffer overflow in IBM DB2 UDB 7.x and 8.1, triggered by a long DB2LPORT environment variable in the libdb2.so library. This vulnerability allows local users to execute arbitrary code with the privileges of the running DB2 process. Affected product/version: I...
CVE-2005-4868
The CVE-2005-4868 entry affects IBM DB2 8.1. Shared memory sections and events have default read/write permissions for the Everyone group, enabling local users to gain unauthorized access and potentially view sensitive data (e.g., cleartext passwords) and cause a denial of service. Exploitation i...
CVE-2007-1086
IBM DB2 vulnerable components: 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2. Local users can create or modify arbitrary files via unsafe file access controlled by unspecified environment variables. Root cause: environment-variable handling allows file writes. Impact is limited to local atta...
CVE-2007-6049
IBM DB2 UDB 9.1 before Fixpak 4 is affected by an unspecified vulnerability in the SSL LOAD GSKIT action that involves a call to dlopen when the effective UID is root. The issue is reported in CVE-2007-6049; the impact details are not fully disclosed in the provided documents beyond the initial d...
CVE-2007-6050
CVE-2007-6050 affects IBM DB2 UDB 9.1 prior to Fixpak 4, specifically the DB2LICD component. The vulnerability is described as unspecified and related to the creation of an ‘insecure directory’ . The NVD metrics indicate a local attack vector with potential complete confidentiality, integrity, an...
CVE-2003-0758
IBM DB2 Universal Data Base v7.2 for Linux/x86 and Linux/s390 are vulnerable to a local buffer-overflow in two setuid binaries, db2dart and db2licm. A long command-line argument can cause a stack-based overflow, allowing a local attacker to execute arbitrary code with root privileges. Affected ve...
CVE-2005-3643
CVE-2005-3643 affects the IBM DB2 Database Server running on Windows XP with Simple File Sharing enabled . The vulnerability allows remote attackers to bypass authentication and log on to the guest account without a password . The connected/available documents provide the impact description but d...
CVE-2007-4272
CVE-2007-4272 involves multiple local vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3. The issues allow local users to create arbitrary files via several vectors: (1) vectors where an attacker’s umask is honored, (2) using /etc/ld.so.preload, (3) specific cron data file ...
CVE-2007-5758
CVE-2007-5758 describes a stack-based buffer overflow in the IBM DB2 Universal Database component db2dasrrm (DAS) that can be triggered by a long DASPROF environment variable. Affected are DB2 UDB 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16. Local users could execute arb...
CVE-2009-0173
CVE-2009-0173 affects IBM DB2 server components (8.x before FP17a, 9.1 before FP6a, 9.5 before FP3a). The vulnerability is a denial-of-service caused by insufficient input validation when processing malformed DRDA data streams, allowing remote authenticated users to cause the server to terminate....