Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
Informations du CVE
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 7.2 | AV:L/AC:L/Au:N/C:C/I:C/A:C | [email protected] |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 23349
Date de publication : 2003-11-06 23h00 +00:00
Auteur : SNOSoft
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/8990/info
IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges.
[db2inst1@RiotStarter adm]$ ./db2govd stop a `perl -e 'print "A" x 65'`
Segmentation fault
Exploit Database EDB-ID : 23347
Date de publication : 2003-11-06 23h00 +00:00
Auteur : SNOSoft
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/8990/info
IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges.
[kf@RiotStarter adm]$ source /home/db2inst1/sqllib/db2profile
[kf@RiotStarter adm]$ ./db2start `perl -e 'print "A" x 9901'`
Segmentation fault
Exploit Database EDB-ID : 23348
Date de publication : 2003-11-06 23h00 +00:00
Auteur : SNOSoft
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/8990/info
IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges.
[kf@RiotStarter adm]$ ./db2stop `perl -e 'print "A" x 4001'`
Segmentation fault
Products Mentioned
Configuraton 0
Ibm>>Db2 >> Version 9.0
- Ibm>>Db2 >> Version 9.0 (Open CPE detail)
- Ibm>>Db2 >> Version 9.0 (Open CPE detail)
Références
2025©
tesweb SA
