Command-Line Parameter Format String Vulnerabilities in IBM DB2

vendor:

DB2

by:

SecurityFocus

7.2

CVSS

HIGH

Format String Vulnerability

134

CWE

Product Name: DB2

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Command-Line Parameter Format String Vulnerabilities in IBM DB2

Multiple command-line parameter format string vulnerabilities have been discovered in various IBM DB2 binaries. Specifically, format-based functions are implemented erroneously within the db2govd, db2start, and db2stop programs. These binaries are typically installed setuid, allowing a malicious local user to gain elevated privileges.

Mitigation:

N/A

Source

Command-Line Parameter Format String Vulnerabilities in IBM DB2

Mitigation:

Exploit-DB raw data: