ptl-2003-02

ptl-2003-02: Posted Oct 1, 2003; Authored by Matt Moore | Site pentest.co.uk; IBM DB2 version 7.2 for Windows is vulnerable to a stack overflow in the INVOKE command that allows any attacker with Connect privileges to execute arbitrary code as the Administrators group.; tags | advisory, overflow, arbitrary; systems | windows; advisories | CVE-2003-0837; SHA-256 | dff1915f53bfe2f9a06216f85950a93b855ea98e3435b70fda2d599fd7b98496; Download | Favorite | View

ptl-2003-02

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pentest Limited Security Advisory

IBM DB2 INVOKE Command Stack Overflow Vulnerability


Advisory Details
- ----------------

Title: IBM DB2 INVOKE Command Stack Overflow Vulnerability
Announcement date: 1st October 2003
Advisory Reference: ptl-2003-02
CVE Name: CAN-2003-0837
Product: IBM DB2 Universal Database
Vulnerability Type : Buffer Overflow
Vendor-URL: http://www.ibm.com/data/db2/udb
Vendor-Status: Fixpack Issued
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL: http://www.pentest.co.uk/


Vulnerability Description
- -------------------------

DB2 is IBM's relational database software. The IBM DB2 INVOKE
command invokes a procedure stored at the location of a database. It
is also known as the Database Application Remote Interface (DARI). The
server procedure executes at the location of the database, and returns
data to the client application.

This command is vulnerable to a stack based overflow that allows an
attacker with "Connect" privileges to the database to execute arbitrary
code on the vulnerable machine in the context of the Administrators
group on Windows NT.

The vulnerability is triggered by issuing a carefully crafted INVOKE
command.

Vulnerable Versions
- -------------------

IBM DB2 Universal Data Base v7.2 for Windows is vulnerable.

The vendor has stated that 'the problem was limited to Windows specific
code in v7 that was replaced in v8. So, the vulnerability does not
affect any of the UNIX or Linux versions, nor does it affect version 8.'

Vendor Status
- -------------

IBM:
- - Pentest Notification: 20-11-2002
- - Notification acknowledged by IBM: 22-11-2002
- - Fixes available from: 17-09-2003

Fix
- ---

Issue is fixed in Fixpak 10a for DB2 v7.2.

Fixpaks are available at:

http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report

Credit
- ------

This vulnerability was discovered by Matt Moore from Pentest Limited.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/ezPK4bMUolR4sycRAmxwAJ4pPb5jpOdEgeq8n/o/DAzpsMSdhwCfVB7f
iJSmNvYevCJbF/6tHcCh+v8=
=ACSr
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

ptl-2003-02

ptl-2003-02

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ptl-2003-02

Share This

ptl-2003-02

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems