header-logo
Suggest Exploit
vendor:
DB2
by:
5.5
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: DB2
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows

Information Disclosure Vulnerability in IBM DB2

An information disclosure vulnerability has been reported in IBM DB2. This vulnerability only exists when DB2 is installed on Microsoft Windows operating systems. This is due to a Windows permissions issue related to shared memory sections, culminating in authorized access to sensitive information. This vulnerability allows local users to inappropriately connect to DB2 IPC resources, and to also read files that may contain potentially sensitive information. This may aid them in further attacks.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11402/info

An information disclosure vulnerability has been reported in IBM DB2. This vulnerability only exists when DB2 is installed on Microsoft Windows operating systems. This is due to a Windows permissions issue related to shared memory sections, culminating in authorized access to sensitive information.

This vulnerability allows local users to inappropriately connect to DB2 IPC resources, and to also read files that may contain potentially sensitive information. This may aid them in further attacks.

- Database usernames and passwords may be read from the 'DB2SHMSECURITYSERVICE' memory section.

- Various shared memory sections may be read allowing unauthorized access to query or query result data. The following examples were provided:

section read DB20QM 
section read DB2GLBQ0QM 
section read DB2SHMDB2_0APP 
section read DB2SHMDB2_0APL00000003 
section read DB2SHMDB2_0APL00000004 
section read DB2SHMDB2_0APL00000005

Navigation

Suggest Exploit

Services By CQR