IBM DB2 Unspecified XML Functions Remote Arbitrary Code Execution Vulnerability
BID:12512
Info
IBM DB2 Unspecified XML Functions Remote Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 12512 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 10 2005 12:00AM |
| Updated: | Feb 10 2005 12:00AM |
| Credit: | This issue was announced by IBM. |
| Vulnerable: |
IBM DB2 Universal Database for Windows 8.0 IBM DB2 Universal Database for Solaris 8.0 IBM DB2 Universal Database for Linux 8.0 IBM DB2 Universal Database for HP-UX 8.0 IBM DB2 Universal Database for AIX 8.0 |
| Not Vulnerable: | |
Discussion
IBM DB2 Unspecified XML Functions Remote Arbitrary Code Execution Vulnerability
IBM DB2 is reported prone to a remote arbitrary code execution vulnerability. This issue can allow a remote attacker to completely compromise a vulnerable database server.
IBM DB2 version 8 FixPak 7 and FixPak 7a are reported vulnerable to this issue.
Further details are not available currently. It is possible that this issue results from an overflow condition, however, this is not confirmed at the moment. It is also possible that an SQL injection type attack may be used to leverage this issue. This BID will be updated when more information becomes available.
This issue may be related to BID 12508 IBM DB2 Universal Database Unspecified Vulnerability.
IBM DB2 is reported prone to a remote arbitrary code execution vulnerability. This issue can allow a remote attacker to completely compromise a vulnerable database server.
IBM DB2 version 8 FixPak 7 and FixPak 7a are reported vulnerable to this issue.
Further details are not available currently. It is possible that this issue results from an overflow condition, however, this is not confirmed at the moment. It is also possible that an SQL injection type attack may be used to leverage this issue. This BID will be updated when more information becomes available.
This issue may be related to BID 12508 IBM DB2 Universal Database Unspecified Vulnerability.
Exploit / POC
IBM DB2 Unspecified XML Functions Remote Arbitrary Code Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
IBM DB2 Unspecified XML Functions Remote Arbitrary Code Execution Vulnerability
Solution:
IBM has released APAR IY66508 including DB2 UDB version 8 FixPak 8 to address this issue.
IBM DB2 Universal Database for AIX 8.0
IBM DB2 Universal Database for HP-UX 8.0
IBM DB2 Universal Database for Solaris 8.0
IBM DB2 Universal Database for Linux 8.0
IBM DB2 Universal Database for Windows 8.0
Solution:
IBM has released APAR IY66508 including DB2 UDB version 8 FixPak 8 to address this issue.
IBM DB2 Universal Database for AIX 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for HP-UX 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Solaris 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Linux 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Windows 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
References
IBM DB2 Unspecified XML Functions Remote Arbitrary Code Execution Vulnerability
References:
References: