IBM Cloudscape Database Remote Command Execution Vulnerability
BID:9583
Info
| Bugtraq ID: | 9583 |
| Class: | Input Validation Error |
| CVE: | CVE-2004-0253 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this vulnerability has been credited to Marc Schoenefeld <[email protected]>. |
| Vulnerable: | IBM Cloudscape 5.1 |
| Not Vulnerable: | |
Discussion
A vulnerability has been reported in the IBM Cloudscape database that could permit remote attackers to execute arbitrary commands on a system hosting the software. This issue may reportedly be exploited through a malicious SQL statement that will cause an executable on the host file system to be run.
Exploit / POC
This issue can be exploited using a malicious SQL statement.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- IBM Cloudscape Homepage (IBM)
- IBM cloudscape SQL Database (DB2J) vulnerable to remote command injection (Marc Schoenefeld)