IBM DB2 Multiple Bugs Let Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1018581 |
|
SecurityTracker URL: http://securitytracker.com/id/1018581
|
|
CVE Reference:
CVE-2007-4270, CVE-2007-4271, CVE-2007-4272, CVE-2007-4273, CVE-2007-4275, CVE-2007-4276
(Links to External Site)
|
Date: Aug 17 2007
|
Impact:
Execution of arbitrary code via local system, Modification of system information, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): V9 prior to Fix Pack 3, V8 prior to FixPak 15
|
Description:
Several vulnerabilities were reported in IBM DB2. A local user can obtain elevated privileges on the target system.
A local user can create a symbolic link (symlink) from a critical file on the system to files used by DB2 after DB2 has checked to see if a symlink exists and before the symlinked file is processed to modify arbitrary files with root privileges [CVE-2007-4270].
A local user can modify a certain environment variable to trigger a directory traversal flaw and cause some DB2 binaries to create arbitrary files on the target system [CVE-2007-4271].
A local user can set certain combinations of environment variables to cause some DB2 binaries to create arbitrary files on the target system or append to arbitrary files [CVE-2007-4272].
A local user can cause certain DB2 binaries to create world-writable directories [CVE-2007-4273].
A local user can exploit search path vulnerabilities to cause DB2 to load an alternate binary or library [CVE-2007-4275].
A local user can set an environment variable to a specially crafted value to trigger a stack overflow and execute arbitrary code [CVE-2007-4276].
The vendor was notified on March 22 and 23, 2007.
The original advisories are available at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=579
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=580
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=581
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=582
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=583
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
The vendor has issued fixed versions (V9 Fix Pack 3 and version V8 FixPak 15).
The IBM advisories are available at:
http://www-1.ibm.com/support/docview.wss?uid=swg21256235
http://www-1.ibm.com/support/docview.wss?uid=swg21255572
|
Vendor URL: www-1.ibm.com/support/docview.wss?uid=swg21256235 (Links to External Site)
|
Cause:
Access control error, Boundary error, Input validation error, State error
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 16 Aug 2007 20:18:47 -0400
Subject: IBM DB2
|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=579
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=580
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=581
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=582
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=583
CVE-2007-4270
CVE-2007-4271
CVE-2007-4272
CVE-2007-4273
CVE-2007-4275
CVE-2007-4276
|
|
