Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в IBM DB2 (multiple bugs)
Опубликовано:23 февраля 2007 г.
Источник:
SecurityVulns ID:7295
Тип:локальная
Уровень опасности:
6/10
Описание:Многочисленные повышения привилегий, возможность создания файлов.
Затронутые продукты:IBM : DB2 8.1
 IBM : DB2 9.1
CVE:CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.)
 CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.)
 CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.)
 CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.)
 CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access.")
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability (23.02.2007)
 documentIDEFENSE, iDefense Security Advisory 02.22.07: IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities (23.02.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород