IBM DB2多个命令行格式字符串漏洞

漏洞信息详情

IBM DB2多个命令行格式字符串漏洞

漏洞简介

IBM DB2 Universal Database 8.1版本中存在多个格式字符串漏洞。本地用户可以借助(1)db2start,(2) db2stop,或者(3) db2govd中的特定命令行参数执行任意代码。

漏洞公告

It has been reported that IBM has released Fixpack 4 for v8 of the database. IBM is also said to be currently developing Fixpack 11 for v7, which will be available in mid November 2003. This information has not yet been verified by Symantec. Until this information has been confirmed, users are advised to check the following URL for Fixpack releases.
http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report

参考网址

来源: XF
名称: db2-multiple-binaries-bo(13633)
链接:http://xforce.iss.net/xforce/xfdb/13633

来源: BID
名称: 8989
链接:http://www.securityfocus.com/bid/8989

来源: BUGTRAQ
名称: 20031108 SRT2003-11-06-0710 – IBM DB2 Multiple local security issues
链接:http://www.securityfocus.com/archive/1/343804

来源: www.secnetops.com
链接:http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt

受影响实体

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享