SecurityFocus BUGTRAQ Mailing List: BugTraqLink Number One Link Number One Link Number Two Link Number Two Link Number One Link Number One Link Number Two Link Number Two Entire Site Advisories Calendar Columnists Elsewhere Guest Feature Infocus Library Links Mailing Lists (all) -- BUGTRAQ -- FOCUS-IDS -- FOCUS-IH -- FOCUS-LINUX -- FOCUS-MS -- FOCUS-SUN -- FOCUS-VIRUS -- FORENSICS -- INCIDENTS -- PEN-TEST -- SEC JOBS -- SF NEWS -- VULN-DEV News Products Services Tools Vulns BUGTRAQ ARCHIVE [ Message Index ] [ Thread Index ][ Reply ] [ prev Msg by Date ][ next Msg by Date ] To: BugTraq Subject: ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability Date: Oct 1 2003 8:06PM Author: Pentest Security Advisories Message-ID: <3F7B33CA.6010600@pentest.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pentest Limited Security Advisory IBM DB2 INVOKE Command Stack Overflow Vulnerability Advisory Details - ---------------- Title: IBM DB2 INVOKE Command Stack Overflow Vulnerability Announcement date: 1st October 2003 Advisory Reference: ptl-2003-02 CVE Name: CAN-2003-0837 Product: IBM DB2 Universal Database Vulnerability Type : Buffer Overflow Vendor-URL: http://www.ibm.com/data/db2/udb Vendor-Status: Fixpack Issued Remotely Exploitable: Yes Locally Exploitable: Yes Advisory URL: http://www.pentest.co.uk/ Vulnerability Description - ------------------------- DB2 is IBM's relational database software. The IBM DB2 INVOKE command invokes a procedure stored at the location of a database. It is also known as the Database Application Remote Interface (DARI). The server procedure executes at the location of the database, and returns data to the client application. This command is vulnerable to a stack based overflow that allows an attacker with "Connect" privileges to the database to execute arbitrary code on the vulnerable machine in the context of the Administrators group on Windows NT. The vulnerability is triggered by issuing a carefully crafted INVOKE command. Vulnerable Versions - ------------------- IBM DB2 Universal Data Base v7.2 for Windows is vulnerable. The vendor has stated that 'the problem was limited to Windows specific code in v7 that was replaced in v8. So, the vulnerability does not affect any of the UNIX or Linux versions, nor does it affect version 8.' Vendor Status - ------------- IBM: - - Pentest Notification: 20-11-2002 - - Notification acknowledged by IBM: 22-11-2002 - - Fixes available from: 17-09-2003 Fix - --- Issue is fixed in Fixpak 10a for DB2 v7.2. Fixpaks are available at: http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report Credit - ------ This vulnerability was discovered by Matt Moore from Pentest Limited. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/ezPK4bMUolR4sycRAmxwAJ4pPb5jpOdEgeq8n/o/DAzpsMSdhwCfVB7f iJSmNvYevCJbF/6tHcCh+v8= =ACSr -----END PGP SIGNATURE----- Want to link to this message? Use this URL: Disclaimer, Terms & Conditions About this List Featured Lists: ARIS Users bugtraq bugtraq-es bugtraq-french NEW bugtraq-jp firewalls focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics forensics-es honeypots incidents libnet pen-test secevents secpapers secprog sectools secureshell security-basics security-management NEW securityjobs vpn vuln-dev webappsec Newsletters: sf-news ms-secnews linux-secnews [ more . . . ] Privacy Statement Copyright © 1999-2003 SecurityFocus