IBM DB2 Universal Database Server Object Creation Remote Code Execution Vulnerability
BID:12514
Info
IBM DB2 Universal Database Server Object Creation Remote Code Execution Vulnerability
| Bugtraq ID: | 12514 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 10 2005 12:00AM |
| Updated: | Feb 10 2005 12:00AM |
| Credit: | The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue. |
| Vulnerable: |
IBM DB2 Universal Database for Windows 8.1 IBM DB2 Universal Database for Windows 8.0 IBM DB2 Universal Database for Windows 7.2 IBM DB2 Universal Database for Windows 7.1 IBM DB2 Universal Database for Solaris 8.1 IBM DB2 Universal Database for Solaris 8.0 IBM DB2 Universal Database for Solaris 7.2 IBM DB2 Universal Database for Solaris 7.1 IBM DB2 Universal Database for Solaris 7.0 IBM DB2 Universal Database for Solaris 6.1 IBM DB2 Universal Database for Solaris 6.0 IBM DB2 Universal Database for OS/390 and z/OS 7.1 IBM DB2 Universal Database for OS/390 and z/OS 6.0 IBM DB2 Universal Database for OS/390 and z/OS 5.0 IBM DB2 Universal Database for Linux 8.1 IBM DB2 Universal Database for Linux 8.0 IBM DB2 Universal Database for Linux 7.2 IBM DB2 Universal Database for Linux 7.1 IBM DB2 Universal Database for Linux 7.0 IBM DB2 Universal Database for Linux 6.1 IBM DB2 Universal Database for Linux 6.0 IBM DB2 Universal Database for HP-UX 8.1 IBM DB2 Universal Database for HP-UX 8.0 IBM DB2 Universal Database for HP-UX 7.2 IBM DB2 Universal Database for HP-UX 7.1 IBM DB2 Universal Database for HP-UX 7.0 IBM DB2 Universal Database for HP-UX 6.1 IBM DB2 Universal Database for HP-UX 6.0 IBM DB2 Universal Database for AIX 8.1 IBM DB2 Universal Database for AIX 8.0 IBM DB2 Universal Database for AIX 7.2 IBM DB2 Universal Database for AIX 7.1 IBM DB2 Universal Database for AIX 7.0 IBM DB2 Universal Database for AIX 6.1 IBM DB2 Universal Database for AIX 6.0 |
| Not Vulnerable: | |
Discussion
IBM DB2 Universal Database Server Object Creation Remote Code Execution Vulnerability
A remote code execution vulnerability affects IBM DB2 Universal Database Server. This issue is due to a failure of the application to properly handle the creation of new objects.
This issue may be related to BID 12508 IBM DB2 Universal Database Unspecified Vulnerability.
An attacker with a database connection may leverage this issue to execute arbitrary code within the context of the affected database instance, potentially facilitating unauthorized access or privilege escalation.
A remote code execution vulnerability affects IBM DB2 Universal Database Server. This issue is due to a failure of the application to properly handle the creation of new objects.
This issue may be related to BID 12508 IBM DB2 Universal Database Unspecified Vulnerability.
An attacker with a database connection may leverage this issue to execute arbitrary code within the context of the affected database instance, potentially facilitating unauthorized access or privilege escalation.
Exploit / POC
IBM DB2 Universal Database Server Object Creation Remote Code Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
IBM DB2 Universal Database Server Object Creation Remote Code Execution Vulnerability
Solution:
The vendor has released FixPak 8 dealing with this issue for their DB2 version 8.1 packages.
IBM DB2 Universal Database for AIX 8.0
IBM DB2 Universal Database for HP-UX 8.0
IBM DB2 Universal Database for Linux 8.0
IBM DB2 Universal Database for Solaris 8.0
IBM DB2 Universal Database for Windows 8.0
IBM DB2 Universal Database for AIX 8.1
IBM DB2 Universal Database for Solaris 8.1
IBM DB2 Universal Database for HP-UX 8.1
IBM DB2 Universal Database for Windows 8.1
IBM DB2 Universal Database for Linux 8.1
Solution:
The vendor has released FixPak 8 dealing with this issue for their DB2 version 8.1 packages.
IBM DB2 Universal Database for AIX 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for HP-UX 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Linux 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Solaris 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Windows 8.0
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for AIX 8.1
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Solaris 8.1
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for HP-UX 8.1
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Windows 8.1
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
IBM DB2 Universal Database for Linux 8.1
-
IBM DB2 Universal Database Version 8 FixPak 8
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24008763
References
IBM DB2 Universal Database Server Object Creation Remote Code Execution Vulnerability
References:
References: