CVE-2007-3676 - Resource Management Errors vulnerability in IBM DB2
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
Common Weakness Enumeration (CWE)
Nessus
NASL family | Databases |
NASL id | DB2_81FP16.NASL |
description | According to its version, the installation of IBM DB2 running on the remote host is affected by one or more of the following issues : - A local user may be able to gain root privileges using the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 30153 |
published | 2008-02-05 |
reporter | This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/30153 |
title | IBM DB2 < 8.1 Fix Pack 16 Multiple Vulnerabilities |
code |
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(30153);
  script_version("1.24");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2007-3676", "CVE-2007-5757", "CVE-2008-0698");
  script_bugtraq_id(27596, 27680, 27681);

  script_name(english:"IBM DB2 < 8.1 Fix Pack 16 Multiple Vulnerabilities");
  script_summary(english:"Checks DB2 signature.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple issues." );
  script_set_attribute(attribute:"description", value:
"According to its version, the installation of IBM DB2 running on the
remote host is affected by one or more of the following issues :

  - A local user may be able to gain root privileges using
    the 'db2pd' tool. (IZ03546)

  - The 'b2dart' tool executes a TPUT command, which
    effectively allows users to run commands as the DB2
    instance owner. (IZ03647)

  - A buffer overflow and invalid memory access
    vulnerability exist in the DAS server code. (IZ05496)

  - An unspecified vulnerability in 'SYSPROC.ADMIN_SP_C'.
    (IZ06972)

  - An unspecified vulnerability exists due to incorrect
    authorization checking in 'ALTER TABLE' statements.
    (IZ07337)");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6734f378" );
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8ba276a6" );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/72" );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Feb/73" );
  script_set_attribute(attribute:"see_also", value:"http://www-1.ibm.com/support/docview.wss?uid=swg21256235" );
  script_set_attribute(attribute:"solution", value:
"Apply IBM DB2 UDB Version 8.1 Fix Pack 16 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 264, 399);

  script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/05");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("db2_das_detect.nasl");
  script_require_ports("Services/db2das", 523);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("db2_report_func.inc");

# The DAS detection plugin stores the DB2 level and platform in the KB.
port = get_service(svc:'db2das', default:523, exit_on_fail:TRUE);

level = get_kb_item_or_exit("DB2/" + port + "/Level");
platform = get_kb_item_or_exit("DB2/"+port+"/Platform");
platform_name = get_kb_item("DB2/"+port+"/Platform_Name");
if (isnull(platform_name))
{
  platform_name = platform;
  report_phrase = "platform " + platform;
}
else
  report_phrase = platform_name;

# Compare the reported level against the first fixed level for the platform.
vuln = FALSE;
# Windows 32-bit
if (platform == 5)
{
  fixed_level = '8.1.16.429';
  if (ver_compare(ver:level, fix:fixed_level) == -1)
    vuln = TRUE;
}
# Linux, 2.6 Kernel 32-bit
else if (platform == 18)
{
  if (level =~ '^8\\.1\\.0\\.')
    fixed_level = '8.1.0.144';
  else
    fixed_level = '8.1.2.144';

  if (ver_compare(ver:level, fix:fixed_level) == -1)
    vuln = TRUE;
}
# Any other platform: no version check is available.
else
{
  info =
    'Nessus does not support version checks against ' + report_phrase + '.\n' +
    'To help us better identify vulnerable versions, please send the platform\n' +
    'number along with details about the platform, including the operating system\n' +
    'version, CPU architecture, and DB2 version to [email protected].\n';
  exit(1, info);
}

if (vuln)
{
  report_db2(
      severity        : SECURITY_HOLE,
      port            : port,
      platform_name   : platform_name,
      installed_level : level,
      fixed_level     : fixed_level);
}
else exit(0, "IBM DB2 "+level+" on " + report_phrase + " is listening on port "+port+" and is not affected.");
NASL family | Databases |
NASL id | DB2_9FP4.NASL |
description | According to its version, the installation of IBM DB2 running on the remote host is affected by one or more of the following issues : - The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 28227 |
published | 2007-11-16 |
reporter | This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/28227 |
title | IBM DB2 < 9 Fix Pack 4 Multiple Vulnerabilities |
Seebug
bulletinFamily | exploit |
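description | BUGTRAQ ID: 27681 CVE(CAN) ID: CVE-2007-3676 IBM DB2 is a large commercial relational database system aimed at e-commerce, business information, content management, customer relationship management and similar applications; it runs on AIX, HP-UX, Linux, Solaris, Windows and other systems. When processing certain remote administration requests, the DB2 Administration Server (DAS) uses 32-bit pointer values supplied by the remote client. By supplying a specially crafted address value, an attacker can trigger a buffer overflow and force the program to access an invalid memory address. A successful attack allows the attacker to crash the service or execute arbitrary code. No authentication credentials are needed to exploit this vulnerability, but a TCP session with the DAS must be established on TCP port 523. IBM DB2 Universal Database 9.1 FixPak 2 Vendor patch: IBM --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www-1.ibm.com/support/docview.wss?uid=swg21256235 http://www-1.ibm.com/support/docview.wss?uid=swg21255572 |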
id | SSV:2893 |
last seen | 2017-11-19 |
modified | 2008-02-14 |
published | 2008-02-14 |
reporter | Root |
title | IBM DB2 Universal Database DAS Buffer Overflow Vulnerability |