IBM DB2 db2dart binary buffer overflow could allow execution of code
ibm-db2-db2dart-bo (13218)
Description:
IBM DB2 Universal Database for Linux is vulnerable to a stack-based buffer overflow, caused by a vulnerability in the db2dart binary. A local attacker can pass an overly long string to the db2dart binary using a command line option to overflow a buffer and execute arbitrary code on the system with root privileges.
Consequences:
Gain Privileges
Remedy:
For DB2 for Linux version 7.2:
Apply DB2 version 7.2, FixPak 10a, available from the IBM Web site. See References.
References:
- CIAC Information Bulletin N-154: IBM DB2 Buffer Overflow Vulnerabilities.
- Core Security Technologies Advisory CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities.
- IBM Web site: Fixes by version for DB2 UDB for Linux, UNIX and Windows.
- BID-8552: IBM DB2 db2dart Buffer Overflow Vulnerability.
- CVE-2003-0758: Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.
Platforms Affected:
- IBM DB2 7.2
Reported:
Sep 18, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
