Vulnerabilities > CVE-2007-3676 - Resource Management Errors vulnerability in IBM DB2

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ibm
CWE-399
nessus

Summary

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.

Vulnerable Configurations

Part Description Count
Application
Ibm
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDatabases
    NASL idDB2_81FP16.NASL
    descriptionAccording to its version, the installation of IBM DB2 running on the remote host is affected by one or more of the following issues : - A local user may be able to gain root privileges using the
    last seen2020-06-01
    modified2020-06-02
    plugin id30153
    published2008-02-05
    reporterThis script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30153
    titleIBM DB2 < 8.1 Fix Pack 16 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30153);
      script_version("1.24");
      script_cvs_date("Date: 2018/11/15 20:50:21");
    
      script_cve_id("CVE-2007-3676", "CVE-2007-5757", "CVE-2008-0698");
      script_bugtraq_id(27596, 27680, 27681);
    
      script_name(english:"IBM DB2 < 8.1 Fix Pack 16 Multiple Vulnerabilities");
      script_summary(english:"Checks DB2 signature.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple issues." );
      script_set_attribute(attribute:"description", value:
    "According to its version, the installation of IBM DB2 running on the
    remote host is affected by one or more of the following issues :
    
      - A local user may be able to gain root privileges using
        the 'db2pd' tool. (IZ03546)
    
      - The 'b2dart' tool executes a TPUT command, which
        effectively allows users to run commands as the DB2
        instance owner. (IZ03647)
    
      - A buffer overflow and invalid memory access 
        vulnerability exist in the DAS server code. (IZ05496)
    
      - An unspecified vulnerability in 'SYSPROC.ADMIN_SP_C'.
        (IZ06972)
    
      - An unspecified vulnerability exists due to incorrect
        authorization checking in 'ALTER TABLE' statements.
        (IZ07337)");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6734f378" );
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8ba276a6" );
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/72" );
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/73" );
      script_set_attribute(attribute:"see_also", value:"http://www-1.ibm.com/support/docview.wss?uid=swg21256235" );
      script_set_attribute(attribute:"solution", value:
    "Apply IBM DB2 UDB Version 8.1 Fix Pack 16 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 264, 399);
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/05");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
     
      script_copyright(english:"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
     
      script_dependencies("db2_das_detect.nasl");
      script_require_ports("Services/db2das", 523);
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("db2_report_func.inc");
    
    port = get_service(svc:'db2das', default:523, exit_on_fail:TRUE);
    
    level = get_kb_item_or_exit("DB2/" + port + "/Level");
    platform = get_kb_item_or_exit("DB2/"+port+"/Platform");
    platform_name = get_kb_item("DB2/"+port+"/Platform_Name");
    if (isnull(platform_name))
    {
      platform_name = platform;
      report_phrase = "platform " + platform;
    }
    else
      report_phrase = platform_name;
    
    vuln = FALSE;
    # Windows 32-bit
    if (platform == 5)
    {
      fixed_level = '8.1.16.429';
      if (ver_compare(ver:level, fix:fixed_level) == -1)
        vuln = TRUE;
    }
    # Linux, 2.6 Kernel 32-bit
    else if (platform == 18)
    {
      if (level =~ '^8\\.1\\.0\\.') fixed_level = '8.1.0.144';
      else fixed_level = '8.1.2.144';
    
      if (ver_compare(ver:level, fix:fixed_level) == -1)
        vuln = TRUE;
    }
    else
    {
      info =
        'Nessus does not support version checks against ' + report_phrase + '.\n' +
        'To help us better identify vulnerable versions, please send the platform\n' +
        'number along with details about the platform, including the operating system\n' +
        'version, CPU architecture, and DB2 version to [email protected].\n';
      exit(1, info);
    }
    
    if (vuln)
    {
      report_db2(
          severity        : SECURITY_HOLE,
          port            : port,
          platform_name   : platform_name,
          installed_level : level,
          fixed_level     : fixed_level);
    }
    else exit(0, "IBM DB2 "+level+" on " + report_phrase + " is listening on port "+port+" and is not affected.");
    
  • NASL familyDatabases
    NASL idDB2_9FP4.NASL
    descriptionAccording to its version, the installation of IBM DB2 running on the remote host is affected by one or more of the following issues : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id28227
    published2007-11-16
    reporterThis script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28227
    titleIBM DB2 < 9 Fix Pack 4 Multiple Vulnerabilities

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 27681 CVE(CAN) ID: CVE-2007-3676 IBM DB2是一个大型的商业关系数据库系统,面向电子商务、商业资讯、内容管理、客户关系管理等应用,可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。 DB2管理服务器(DAS)在处理某些远程管理请求时会使用远程客户端所提供的32位指针值。如果提供了特制的地址值的话,攻击者就可以触发缓冲区溢出,强制程序访问无效的内存地址。 成功攻击允许攻击者导致服务崩溃或执行任意代码。无需认证凭据便可利用这个漏洞,但必须要在TCP 523端口上与DAS创建TCP会话。 IBM DB2 Universal Database 9.1 FixPak 2 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www-1.ibm.com/support/docview.wss?uid=swg21256235 target=_blank>http://www-1.ibm.com/support/docview.wss?uid=swg21256235</a> <a href=http://www-1.ibm.com/support/docview.wss?uid=swg21255572 target=_blank>http://www-1.ibm.com/support/docview.wss?uid=swg21255572</a>
idSSV:2893
last seen2017-11-19
modified2008-02-14
published2008-02-14
reporterRoot
titleIBM DB2 Universal Database DAS缓冲区溢出漏洞