header-logo
Suggest Exploit
vendor:
DB2
by:
SecurityFocus
7.2
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: DB2
Affected Version From: IBM DB2 v7.2
Affected Version To: IBM DB2 v7.2
Patch Exists: YES
Related CWE: CVE-2002-0991
CPE: a:ibm:db2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux x86/s390
2002

Buffer Overflow in IBM DB2 db2dart Utility

A local attacker, who can authenticate or has access as the db2as user, may exploit this issue to execute arbitrary instructions with elevated privileges. Specifically, user 'root' privileges. The vulnerability is triggered by passing a long string of characters to the db2dart utility.

Mitigation:

IBM has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8552/info

It has been reported that the IBM DB2 db2dart utility is prone to locally exploitable buffer overflow vulnerability. A local attacker, who can authenticate or has access as the db2as user, may exploit this issue to execute arbitrary instructions with elevated privileges. Specifically, user 'root' privileges.

Although this vulnerability has been reported to affect IBM DB2 v7.2 for Linux x86/s390 Other IBM DB2 versions and target platforms may also be affected. 

/home/db2as/sqllib/adm/db2dart `perl -e 'print "A"x1287'`

Navigation

Suggest Exploit

Services By CQR