IBM DB2 XML Extender UDF Unauthorized File Access Vulnerability

Bugtraq ID:	12510
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 10 2005 12:00AM
Updated:	Feb 10 2005 12:00AM
Credit:	Discovery is credited to David Litchfield of NGS Software.
Vulnerable:	IBM DB2 Universal Database for Windows 8.1 IBM DB2 Universal Database for Windows 8.0 IBM DB2 Universal Database for Windows 7.2 IBM DB2 Universal Database for Windows 7.1 IBM DB2 Universal Database for Solaris 8.1 IBM DB2 Universal Database for Solaris 8.0 IBM DB2 Universal Database for Solaris 7.2 IBM DB2 Universal Database for Solaris 7.1 IBM DB2 Universal Database for Solaris 7.0 IBM DB2 Universal Database for Solaris 6.1 IBM DB2 Universal Database for Solaris 6.0 IBM DB2 Universal Database for Linux 8.1 IBM DB2 Universal Database for Linux 8.0 IBM DB2 Universal Database for Linux 7.2 IBM DB2 Universal Database for Linux 7.1 IBM DB2 Universal Database for Linux 7.0 IBM DB2 Universal Database for Linux 6.1 - Caldera OpenLinux 2.4 - Redhat Linux 7.0 - SuSE Linux 7.0 - Turbolinux Turbolinux 6.0.4 IBM DB2 Universal Database for Linux 6.0 IBM DB2 Universal Database for HP-UX 8.1 IBM DB2 Universal Database for HP-UX 8.0 IBM DB2 Universal Database for HP-UX 7.2 IBM DB2 Universal Database for HP-UX 7.1 IBM DB2 Universal Database for HP-UX 7.0 IBM DB2 Universal Database for HP-UX 6.1 IBM DB2 Universal Database for HP-UX 6.0 IBM DB2 Universal Database for AIX 8.1 IBM DB2 Universal Database for AIX 8.0 IBM DB2 Universal Database for AIX 7.2 IBM DB2 Universal Database for AIX 7.1 IBM DB2 Universal Database for AIX 7.0 IBM DB2 Universal Database for AIX 6.1 IBM DB2 Universal Database for AIX 6.0
Not Vulnerable:

IBM DB2 XML Extender UDF Unauthorized File Access Vulnerability

IBM DB2 is prone to a security vulnerability that may allow unauthorized read or write access to files on the computer in the context of the server process. This issue exists in the XML Extender UDFs (User-Defined Functions). This could result in information disclosure as well as corruption of files on the computer. There is a theoretical possibility of code execution.

This vulnerability appears similar in nature to BID 12170 IBM DB2 XML Function Unauthorized File Creation and Disclosure Vulnerability.

This issue may be related to BID 12508 IBM DB2 Universal Database Unspecified Vulnerability.

IBM DB2 XML Extender UDF Unauthorized File Access Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

IBM DB2 XML Extender UDF Unauthorized File Access Vulnerability

Solution:
It is reported that the vendor has released FixPak 6b and FixPak 8 and above for IBM DB2 8.1.


IBM DB2 Universal Database for AIX 8.0

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for HP-UX 8.0

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for Solaris 8.0

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for Linux 8.0

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for Windows 8.0

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for Windows 8.1

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for AIX 8.1

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for Solaris 8.1

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for Linux 8.1

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 Universal Database for HP-UX 8.1

• IBM DB2 Universal Database Version 8 FixPak 8
  http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763

IBM DB2 XML Extender UDF Unauthorized File Access Vulnerability

References:

• An update on DB2 Universal Database response to security vulnerabilities (IBM)
  
• IY63577: CERTAIN XML EXTENDER UDF S ALLOW READ OR WRITE OPERATIONS FROM OR TO AR (IBM)