Vulnerabilities > CVE-2008-6821 - Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 15 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Databases NASL id DB2_95FP2.NASL description The installation of IBM DB2 9.5 running on the remote host does not have Fix Pack 2 applied. It is, therefore, affected by the following issues : - DB2 does not mark inoperative or drop views and triggers if the definer cannot maintain the objects (IZ22307). - Password-related connection string keyword values may appear in trace output (IZ28489). - There is an unspecified vulnerability in the way CLR Stored Procedures for Visual Studio from IBM database add-ins are deployed (JR28431). - There is an unspecified buffer overflow in DAS server code (IZ22190). - INSTALL_JAR can be used to create or overwrite critical files on a system (IZ22143). - On Windows, the db2fmp process is running with OS privileges (JR30227). last seen 2020-06-01 modified 2020-06-02 plugin id 34056 published 2008-08-28 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34056 title IBM DB2 9.5 < Fix Pack 2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(34056); script_version("1.22"); script_cvs_date("Date: 2018/07/06 11:26:06"); script_cve_id("CVE-2008-2154", "CVE-2008-3852", "CVE-2008-4693", "CVE-2008-4692", "CVE-2008-6821"); script_bugtraq_id(30859, 35408, 35409); script_xref(name:"Secunia", value:"31635"); script_name(english:"IBM DB2 9.5 < Fix Pack 2 Multiple Vulnerabilities"); script_summary(english:"Checks DB2 signature."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installation of IBM DB2 9.5 running on the remote host does not have Fix Pack 2 applied. It is, therefore, affected by the following issues : - DB2 does not mark inoperative or drop views and triggers if the definer cannot maintain the objects (IZ22307). - Password-related connection string keyword values may appear in trace output (IZ28489). - There is an unspecified vulnerability in the way CLR Stored Procedures for Visual Studio from IBM database add-ins are deployed (JR28431). - There is an unspecified buffer overflow in DAS server code (IZ22190). - INSTALL_JAR can be used to create or overwrite critical files on a system (IZ22143). - On Windows, the db2fmp process is running with OS privileges (JR30227)."); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21293566"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1JR28431"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227"); script_set_attribute(attribute:"solution", value:"Apply IBM DB2 version 9.5 Fix Pack 2."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 119, 200, 264); script_set_attribute(attribute:"plugin_publication_date", value: "2008/08/28"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("db2_das_detect.nasl"); script_require_ports("Services/db2das", 523); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("db2_report_func.inc"); port = get_service(svc:'db2das', default:523, exit_on_fail:TRUE); level = get_kb_item_or_exit("DB2/" + port + "/Level"); if (level !~ '^9\\.5\\.') exit(0, "The version of IBM DB2 listening on port "+port+" is not 9.5 and thus is not affected."); platform = get_kb_item_or_exit("DB2/"+port+"/Platform"); platform_name = get_kb_item("DB2/"+port+"/Platform_Name"); if (isnull(platform_name)) { platform_name = platform; report_phrase = "platform " + platform; } else report_phrase = platform_name; vuln = FALSE; # Windows 32-bit if (platform == 5) { fixed_level = '9.5.200.315'; if (ver_compare(ver:level, fix:fixed_level) == -1) vuln = TRUE; } # Linux, 2.6 Kernel 32-bit else if (platform == 18) { fixed_level = '9.5.0.2'; if (ver_compare(ver:level, fix:fixed_level) == -1) vuln = TRUE; } else { info = 'Nessus does not support version checks against ' + report_phrase + '.\n' + 'To help us better identify vulnerable versions, please send the platform\n' + 'number along with details about the platform, including the operating system\n' + 'version, CPU architecture, and DB2 version to [email protected].\n'; exit(1, info); } if (vuln) { report_db2( severity : SECURITY_HOLE, port : port, platform_name : platform_name, installed_level : level, fixed_level : fixed_level); } exit(0, "IBM DB2 "+level+" on " + report_phrase + " is listening on port "+port+" and is not affected.");NASL family Databases NASL id DB2_9FP5.NASL description According to its version, the IBM DB2 server running on the remote host is affected by one or more of the following issues : - There is an unspecified security vulnerability related to a last seen 2020-06-01 modified 2020-06-02 plugin id 33128 published 2008-06-10 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33128 title IBM DB2 < 9 Fix Pack 5 Multiple Vulnerabilities NASL family Databases NASL id DB2_8FP17.NASL description According to its version, the installation of IBM DB2 8 running on the remote host is affected by multiple issues : - By sending malicious DB2 UDB v7 client CONNECT/DETACH requests it may be possible to crash the remote DB2 server. (IZ08134) - Failure to switch the owner of the last seen 2020-06-01 modified 2020-06-02 plugin id 34195 published 2008-09-12 reporter This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34195 title IBM DB2 8 < Fix Pack 17 Multiple Vulnerabilities
Seebug
| bulletinFamily | exploit |
| description | Bugraq ID: 35408 CVE ID:CVE-2008-6821 CNCVE ID:CNCVE-20086821 IBM DB2 Universal Database Server是一款大型的商业关系数据库系统, IBM DB2 DAS服务器代码存在缓冲区溢出,远程攻击者可以利用漏洞进行拒绝服务攻击或以应用程序权限执行任意指令。 目前没有详细漏洞细节提供。 IBM DB2 Universal Database for Windows 8.0 IBM DB2 Universal Database for Windows 9.5 Fix Pak 1 IBM DB2 Universal Database for Windows 9.5 IBM DB2 Universal Database for Windows 9.1Fix Pak 4a IBM DB2 Universal Database for Windows 9.1 FixPak 4 IBM DB2 Universal Database for Windows 9.1 FixPak 3 IBM DB2 Universal Database for Windows 9.1 FixPack 2 IBM DB2 Universal Database for Windows 9.1 IBM DB2 Universal Database for Windows 9.1 IBM DB2 Universal Database for Windows 8.0 FixPak 16 IBM DB2 Universal Database for Windows 8.0 FixPak 13 IBM DB2 Universal Database for Solaris 8.0 IBM DB2 Universal Database for Solaris 9.5 FixPak 1 IBM DB2 Universal Database for Solaris 9.5 IBM DB2 Universal Database for Solaris 9.1 FixPak 4a IBM DB2 Universal Database for Solaris 9.1 Fixpak 4 IBM DB2 Universal Database for Solaris 9.1 FixPak 4 IBM DB2 Universal Database for Solaris 9.1 FixPak 3 IBM DB2 Universal Database for Solaris 9.1 FixPack 2 IBM DB2 Universal Database for Solaris 9.1 IBM DB2 Universal Database for Solaris 8.0 FixPak 16 IBM DB2 Universal Database for Solaris 8.0 FixPak 13 IBM DB2 Universal Database for OS/390 and z/OS 8.0 IBM DB2 Universal Database for Linux 8.0 IBM DB2 Universal Database for Linux 9.5 FixPak 1 IBM DB2 Universal Database for Linux 9.5 IBM DB2 Universal Database for Linux 9.1 FixPak 4a IBM DB2 Universal Database for Linux 9.1 Fixpak 4 IBM DB2 Universal Database for Linux 9.1 FixPak 4 IBM DB2 Universal Database for Linux 9.1 FixPak 3 IBM DB2 Universal Database for Linux 9.1 FixPack 2 IBM DB2 Universal Database for Linux 9.1 IBM DB2 Universal Database for Linux 8.0 FixPak 16 IBM DB2 Universal Database for Linux 8.0 FixPak 13 IBM DB2 Universal Database for IX 9.1 Fixpak 4 IBM DB2 Universal Database for HP-UX 8.0 IBM DB2 Universal Database for HP-UX 9.5 FixPak 1 IBM DB2 Universal Database for HP-UX 9.5 IBM DB2 Universal Database for HP-UX 9.1 FixPak 4a IBM DB2 Universal Database for HP-UX 9.1 FixPak 4 IBM DB2 Universal Database for HP-UX 9.1 Fixpak 4 IBM DB2 Universal Database for HP-UX 9.1 FixPak 3 IBM DB2 Universal Database for HP-UX 9.1 FixPack 2 IBM DB2 Universal Database for HP-UX 9.1 IBM DB2 Universal Database for HP-UX 8.0 FixPak 16 IBM DB2 Universal Database for HP-UX 8.0 FixPak 13 IBM DB2 Universal Database for AIX 8.0 IBM DB2 Universal Database for AIX 9.5 FixPak 1 IBM DB2 Universal Database for AIX 9.5 IBM DB2 Universal Database for AIX 9.1 FixPak 4a IBM DB2 Universal Database for AIX 9.1 FixPak 4 IBM DB2 Universal Database for AIX 9.1 FixPak 3 IBM DB2 Universal Database for AIX 9.1 FixPack 2 IBM DB2 Universal Database for AIX 9.1 IBM DB2 Universal Database for AIX 9.1 IBM DB2 Universal Database for AIX 8.0 FixPak 16 IBM DB2 Universal Database for AIX 8.0 FixPak 15 IBM DB2 Universal Database for AIX 8.0 FixPak 14 IBM DB2 Universal Database for AIX 8.0 FixPak 13 IBM DB2 Universal Database 9.5 Fix Pack 1 IBM DB2 Universal Database 9.5 IBM DB2 Universal Database 9.1 Fix Pack 4a IBM DB2 Universal Database 9.1 IBM DB2 Universal Database 8.0.0 FixPak 16 IBM DB2 Universal Database 8.0 厂商解决方案 IBM DB2 Universal Database 9.5 Fixpak 2已经修补此漏洞: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190" target="_blank" rel=external nofollow>http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190</a> |
| id | SSV:11670 |
| last seen | 2017-11-19 |
| modified | 2009-06-22 |
| published | 2009-06-22 |
| reporter | Root |
| title | IBM DB2 DAS Server缓冲区溢出漏洞 |
References
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
- http://secunia.com/advisories/31787
- http://www.securityfocus.com/bid/35408
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190
- http://www-01.ibm.com/support/docview.wss?uid=swg21318189
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51108