Vulnerability details
IBM DB2 db2ckpw local buffer overflow vulnerability
- CNNVD ID: CNNVD-200409-065
- Severity: High
- CVE ID: CVE-2002-1583
- Vulnerability type: boundary condition error
- Published: 2002-05-24
- Threat type: local
- Updated: 2005-10-20
- Vendor: ibm
- Source: IBM Security Advis…
Vulnerability description
IBM DB2 is a database system developed by IBM that runs on a range of operating systems. Its db2ckpw program is installed setuid root and is used as part of the authentication mechanism.
db2ckpw does not correctly check the length of the user name it is given, which lets a local attacker trigger a buffer overflow.
Specifically, db2ckpw mishandles user names longer than 8 characters: a local attacker can pass an over-length user name to db2ckpw and overflow a fixed-size buffer. With carefully constructed string data the attacker can execute arbitrary instructions with root privileges.
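The bug class described above, as an added example rather than IBM's source: a C reconstruction of the vulnerable pattern (a fixed stack buffer that receives the user name through an unbounded copy) next to a hardened form that rejects over-length names before any copy takes place. The 8-character limit is taken from the advisory's wording; the account table, the function names and the return-value convention are assumptions made for illustration, since the page does not publish db2ckpw's internals.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit, taken from the advisory's "longer than 8 characters";
 * the real constant used inside db2ckpw is not published on this page. */
#define USERNAME_MAX 8

/* Constructed sample account table standing in for the real credential store. */
static const char *const known_users[] = { "db2inst1", "db2fenc1", "db2as" };

/* Returns 1 if name is in the table, 0 otherwise. */
static int lookup(const char *name) {
    for (size_t i = 0; i < sizeof known_users / sizeof known_users[0]; i++)
        if (strcmp(known_users[i], name) == 0)
            return 1;
    return 0;
}

/* Returns the length of user if a terminator exists within the first
 * USERNAME_MAX+1 bytes, otherwise -1. memchr stops at the bound, so an
 * over-length or unterminated input is never read past that point. */
int bounded_username_len(const char *user) {
    const char *nul = memchr(user, '\0', USERNAME_MAX + 1);
    return nul == NULL ? -1 : (int)(nul - user);
}

/* Vulnerable pattern (illustrative reconstruction of the bug class, not
 * IBM's code): the caller-supplied name is copied into a fixed stack buffer
 * with no length check. A name longer than USERNAME_MAX writes past name[]
 * into whatever the compiler placed after it, up to and including the saved
 * return address; in a setuid-root binary that is a local root primitive.
 * Only ever call this with trusted input. */
int validate_user_vulnerable(const char *user) {
    char name[USERNAME_MAX + 1];
    strcpy(name, user);                 /* unbounded copy: the bug */
    return lookup(name);
}

/* Hardened form: refuse over-length input before any copy, then copy exactly
 * the measured bytes. Returns -1 for rejected input, otherwise the lookup
 * result. Rejecting rather than truncating matters: a truncated name could
 * silently authenticate as a different, shorter account. */
int validate_user_hardened(const char *user) {
    char name[USERNAME_MAX + 1];
    if (user == NULL)
        return -1;
    int len = bounded_username_len(user);
    if (len < 0)
        return -1;                      /* too long: refuse, do not truncate */
    memcpy(name, user, (size_t)len + 1);    /* bounded copy including the NUL */
    return lookup(name);
}

int main(void) {
    /* Constructed inputs: a valid 8-char name, a 9-char name, an unknown short name. */
    const char *inputs[] = { "db2inst1", "db2inst1X", "nobody9" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-12s -> %d\n", inputs[i], validate_user_hardened(inputs[i]));
    return 0;
}
```

The hardened function returns -1 for the 9-character name without touching the buffer, 1 for the known 8-character name and 0 for an unknown name that fits. On a real DB2 host the fix is the fixpack listed under the vendor patch section; until it is applied, the setuid-root db2ckpw binary is reachable by every local account on the server.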
Vulnerability bulletin
Temporary workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
* Apply access control to the DB2 database at the firewall, allowing only trusted users to connect. Note that this is a local vulnerability (see the threat type above): firewall rules limit which hosts can reach the database, but they do not stop a user who already holds a local account on the server from invoking the setuid-root db2ckpw binary, so installing the fixpack remains the actual fix.
Vendor patch:
IBM
—
IBM has released a security advisory (MSS-OAR-E01-2002:318.1) and corresponding patches:
MSS-OAR-E01-2002:318.1: Buffer overflow vulnerability in DB2 for AIX, Linux, Solaris, and HP-UX
Link: http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.318.1
Patch downloads:
IBM DB2 Universal Database for AIX 6.0:
IBM Hotfix FP10_U482111
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv61/FP10_U482111/
FixPack 10 for DB2 V6 for AIX.
IBM DB2 Universal Database for HP-UX 6.0:
IBM Hotfix FP10_U482113
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp10v61/FP10_U482113/
FixPack 10 for DB2 V6 for HP-UX 10.x.
IBM Hotfix FP10_U482114
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp11v61/FP10_U482114/
FixPack 10 for DB2 V6 for HP-UX 11.x.
IBM DB2 Universal Database for Linux 6.0:
IBM Hotfix FP10_IP22471
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv61/FP10_IP22471/
FixPack 10 for DB2 V6 for Linux.
IBM DB2 Universal Database for Solaris 6.0:
IBM Hotfix FP10_U482112
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv61/FP10_U482112/
FixPack 10 for DB2 V6 for Solaris.
IBM DB2 Universal Database for Linux 6.1:
IBM Hotfix FP10_IP22471
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv61/FP10_IP22471/
FixPack 10 for DB2 V6 for Linux.
IBM DB2 Universal Database for HP-UX 6.1:
IBM Hotfix FP10_U482113
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp10v61/FP10_U482113/
FixPack 10 for DB2 V6 for HP-UX 10.x.
IBM Hotfix FP10_U482114
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp11v61/FP10_U482114/
FixPack 10 for DB2 V6 for HP-UX 11.x.
IBM DB2 Universal Database for Solaris 6.1:
IBM Hotfix FP10_U482112
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv61/FP10_U482112/
FixPack 10 for DB2 V6 for Solaris.
IBM DB2 Universal Database for AIX 6.1:
IBM Hotfix FP10_U482111
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv61/FP10_U482111/
FixPack 10 for DB2 V6 for AIX.
IBM DB2 Universal Database for AIX 7.0:
IBM Hotfix FP6_U481406
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP6_U481406/
FixPack 6 for DB2 V7 for AIX.
IBM Hotfix FP6_U481407
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix43-64v7/FP6_U481407/
FixPack 6 for DB2 V7 for AIX43-64.
IBM Hotfix FP6_U481408
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix5-64v7/FP6_U481408/
FixPack 6 for DB2 V7 for AIX5-64.
IBM DB2 Universal Database for Linux 7.0:
IBM Hotfix FP6_U481413
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv7/FP6_U481413/
FixPack 6 for DB2 V7 for Linux.
IBM APAR FP6_MI00038
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linux390v7/FP6_MI00038/
FixPack 6 for DB2 V7 for Linux390.
IBM DB2 Universal Database for HP-UX 7.0:
IBM Hotfix FP6_U481411
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hpv7/FP6_U481411/
FixPack 6 for DB2 V7 for HP-UX 11.x.
IBM Hotfix FP6_U481412
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp64v7/FP6_U481412/
FixPack 6 for DB2 V7 for HP64.
IBM DB2 Universal Database for Solaris 7.0:
IBM Hotfix FP6_U481409
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv7/FP6_U481409/
FixPack 6 for DB2 V7 for Solaris.
IBM Hotfix FP6_U481410
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sun64v7/FP6_U481410/
FixPack 6 for DB2 V7 for Solaris (64-bit).
IBM DB2 Universal Database for Solaris 7.1:
IBM Hotfix FP6_U481409
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv7/FP6_U481409/
FixPack 6 for DB2 V7 for Solaris.
IBM Hotfix FP6_U481410
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sun64v7/FP6_U481410/
FixPack 6 for DB2 V7 for Solaris (64-bit).
IBM DB2 Universal Database for Linux 7.1:
IBM Hotfix FP6_U481413
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv7/FP6_U481413/
FixPack 6 for DB2 V7 for Linux.
IBM APAR FP6_MI00038
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linux390v7/FP6_MI00038/
FixPack 6 for DB2 V7 for Linux390.
IBM DB2 Universal Database for HP-UX 7.1:
IBM Hotfix FP6_U481411
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hpv7/FP6_U481411/
FixPack 6 for DB2 V7 for HP-UX 11.x.
IBM Hotfix FP6_U481412
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp64v7/FP6_U481412/
FixPack 6 for DB2 V7 for HP64.
IBM DB2 Universal Database for AIX 7.1:
IBM Hotfix FP6_U481406
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP6_U481406/
FixPack 6 for DB2 V7 for AIX.
IBM Hotfix FP6_U481407
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix43-64v7/FP6_U481407/
F
References
Source: IBM
Name: MSS-OAR-E01-2002:318.1
Link: http://www.securitytracker.com/alerts/2002/May/1004352.html
Source: BID
Name: 4817
Link: http://www.securityfocus.com/bid/4817
Source: XF
Name: ibm-db2-db2ckpw-bo(9078)
Link: http://www.iss.net/security_center/static/9078.php