IBM DB2 Remote Command Server Privilege Escalation Vulnerability
BID:9821
Info
IBM DB2 Remote Command Server Privilege Escalation Vulnerability
| Bugtraq ID: | 9821 |
| Class: | Design Error |
| CVE: |
CVE-2004-0795 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 09 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery is credited to David Litchfield. |
| Vulnerable: |
IBM DB2 Universal Database for Windows 8.1 |
| Not Vulnerable: | |
Discussion
IBM DB2 Remote Command Server Privilege Escalation Vulnerability
IBM DB2 Remote Command Server is prone to a vulnerability that may permit authenticated users to gain administrative access to the underlying database. This is because when the server accepts commands from legitimate users, it spawns another process with elevated privileges to execute the commands. In this manner, a user may execute arbitrary commands with the privileges of the db2admin account.
This issue is only known to exist on Windows platforms, though there have been conflicting details reported that seem to indicate that this issue may also affected DB2 releases for other platforms.
IBM DB2 Remote Command Server is prone to a vulnerability that may permit authenticated users to gain administrative access to the underlying database. This is because when the server accepts commands from legitimate users, it spawns another process with elevated privileges to execute the commands. In this manner, a user may execute arbitrary commands with the privileges of the db2admin account.
This issue is only known to exist on Windows platforms, though there have been conflicting details reported that seem to indicate that this issue may also affected DB2 releases for other platforms.
Exploit / POC
IBM DB2 Remote Command Server Privilege Escalation Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
IBM DB2 Remote Command Server Privilege Escalation Vulnerability
Solution:
IBM has addressed this issue in FixPax 5 for DB2 on Windows platforms.
IBM DB2 Universal Database for Windows 8.1
Solution:
IBM has addressed this issue in FixPax 5 for DB2 on Windows platforms.
IBM DB2 Universal Database for Windows 8.1
-
IBM FixPak 5 for Windows DB2 98/ME/NT4/2K/XP/2003 32-Bit
http://www-306.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/ newwinv8fp.d2w/report?launchedfrom=download&fp=5&ptfnum=WR21334&os=WIN -32&url=ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db 2winIA32v8/fixpak/FP5_WR21334/ -
IBM FixPak 5 for Windows DB2 XP/2003 64-Bit
http://www-306.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/ newwinv8fp.d2w/report?launchedfrom=download&fp=5&ptfnum=WR21335&os=WIN -64&url=ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db 2winIA64v8/fixpak/FP5_WR21335/
References
IBM DB2 Remote Command Server Privilege Escalation Vulnerability
References:
References:
- DB2 APAR IY53894 (IBM)
- IBM DB2 Remote Command Execution Privilege Upgrade (Next Generation Security Software)
- Re: IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004) (Marc Bejarano