漏洞信息详情
IBM DB2多个命令行格式字符串漏洞
- CNNVD编号:CNNVD-200409-066
- 危害等级: 高危
- CVE编号:
CVE-2003-1051
- 漏洞类型:
格式化字符串
- 发布时间:
2004-09-28
- 威胁类型:
本地
- 更新时间:
2005-10-20
- 厂 商:
ibm - 漏洞来源:
This vulnerability… -
漏洞简介
IBM DB2 Universal Database 8.1版本中存在多个格式字符串漏洞。本地用户可以借助(1)db2start,(2) db2stop,或者(3) db2govd中的特定命令行参数执行任意代码。
漏洞公告
It has been reported that IBM has released Fixpack 4 for v8 of the database. IBM is also said to be currently developing Fixpack 11 for v7, which will be available in mid November 2003. This information has not yet been verified by Symantec. Until this information has been confirmed, users are advised to check the following URL for Fixpack releases.
http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report
参考网址
来源: XF
名称: db2-multiple-binaries-bo(13633)
链接:http://xforce.iss.net/xforce/xfdb/13633
来源: BID
名称: 8989
链接:http://www.securityfocus.com/bid/8989
来源: BUGTRAQ
名称: 20031108 SRT2003-11-06-0710 – IBM DB2 Multiple local security issues
链接:http://www.securityfocus.com/archive/1/343804
来源: www.secnetops.com
链接:http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt