Vulnerabilities > CVE-2018-1936 - Out-of-bounds Write vulnerability in IBM DB2

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

nessus

NVD

Published: 2019-04-03

Updated: 2020-08-24

Summary

IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM DB2 9.7.0.0 IBM DB2 9.7.0.1 IBM DB2 9.7.0.2 IBM DB2 9.7.0.3 IBM DB2 9.7.0.4 IBM DB2 9.7.0.5 IBM DB2 9.7.0.6 IBM DB2 9.7.0.7 IBM DB2 9.7.0.8 IBM DB2 9.7.0.9 IBM DB2 9.7.0.10 IBM DB2 9.7.0.11 IBM DB2 10.1.0.0 IBM DB2 10.1.0.1 IBM DB2 10.1.0.2 IBM DB2 10.1.0.3 IBM DB2 10.1.0.4 IBM DB2 10.1.0.5 IBM DB2 10.1.0.6 IBM DB2 10.5.0.0 IBM DB2 10.5.0.1 IBM DB2 10.5.0.2 IBM DB2 10.5.0.3 IBM DB2 10.5.0.4 IBM DB2 10.5.0.5 IBM DB2 10.5.0.6 IBM DB2 10.5.0.7 IBM DB2 10.5.0.8 IBM DB2 10.5.0.9 IBM DB2 10.5.0.10 IBM DB2 11.1.0.0 IBM DB2 11.1.1.1 IBM DB2 11.1.2.2 IBM DB2 11.1.3.3 IBM DB2 11.1.4.4	35
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	General
NASL id	IBM_SPECTRUM_PROTECT_8_1_8.NASL
description	IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.x < 7.1.9.300 or 8.1.x < 8.1.8. It is, therefore, affected by multiple IBM Db2 remote code execution and privilege escalation vulnerabilities. These vulnerabilities could allow an attacker to gain system-level access to the affected host. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-03-18
modified	2019-07-24
plugin id	126987
published	2019-07-24
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126987
title	IBM Spectrum Protect 7.1.x < 7.1.9.300 / 8.1.x < 8.1.8 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(126987); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/28"); script_cve_id( "CVE-2018-1922", "CVE-2018-1923", "CVE-2018-1936", "CVE-2018-1978", "CVE-2018-1980", "CVE-2019-4014", "CVE-2019-4015", "CVE-2019-4016", "CVE-2019-4094" ); script_bugtraq_id( 107398, 107439, 107686, 107985 ); script_name(english:"IBM Spectrum Protect 7.1.x < 7.1.9.300 / 8.1.x < 8.1.8 Multiple Vulnerabilities"); script_summary(english:"Checks the version of IBM Spectrum Protect."); script_set_attribute(attribute:"synopsis", value: "The backup service installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.x < 7.1.9.300 or 8.1.x < 8.1.8. It is, therefore, affected by multiple IBM Db2 remote code execution and privilege escalation vulnerabilities. These vulnerabilities could allow an attacker to gain system-level access to the affected host. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://www.ibm.com/support/docview.wss?uid=ibm10882974"); script_set_attribute(attribute:"solution", value: "Upgrade to IBM Spectrum Protect 7.1.9.300 or 8.1.8 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-4094"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/24"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_storage_manager"); script_set_attribute(attribute:"cpe", value:"x-cpe:/a:ibm:spectrum_protect"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"General"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ibm_tsm_detect.nasl", "ibm_spectrum_protect_installed.nbin"); script_require_ports("installed_sw/IBM Tivoli Storage Manager", "installed_sw/IBM Spectrum Protect"); exit(0); } include('vcf.inc'); include('vcf_extras.inc'); port = get_service(svc:'tsm-agent'); app_info = vcf::ibm::spectrum_protect::get_app_info(port:port); vcf::check_granularity(app_info:app_info, sig_segments:2); constraints = [ { 'min_version' : '7.1', 'max_version' : '7.1.9.200', 'fixed_version' : '7.1.9.300' }, { 'min_version' : '8.1', 'fixed_version' : '8.1.8' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References