正文

IBM DB2多个命令行格式字符串漏洞

admin
admin V管理员 /0 评论 /6 阅读
1231
此篇文章发布距今已超过1237天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

IBM DB2多个命令行格式字符串漏洞

  • CNNVD编号:CNNVD-200409-066
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2003-1051
  • 漏洞类型: 格式化字符串
  • 发布时间: 2004-09-28
  • 威胁类型: 本地
  • 更新时间: 2005-10-20
  • 厂        商: ibm
  • 漏洞来源: This vulnerability...

漏洞简介

IBM DB2 Universal Database 8.1版本中存在多个格式字符串漏洞。本地用户可以借助(1)db2start,(2) db2stop,或者(3) db2govd中的特定命令行参数执行任意代码。

漏洞公告

It has been reported that IBM has released Fixpack 4 for v8 of the database. IBM is also said to be currently developing Fixpack 11 for v7, which will be available in mid November 2003. This information has not yet been verified by Symantec. Until this information has been confirmed, users are advised to check the following URL for Fixpack releases. http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report

参考网址

来源: XF 名称: db2-multiple-binaries-bo(13633) 链接:http://xforce.iss.net/xforce/xfdb/13633 来源: BID 名称: 8989 链接:http://www.securityfocus.com/bid/8989 来源: BUGTRAQ 名称: 20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues 链接:http://www.securityfocus.com/archive/1/343804 来源: www.secnetops.com 链接:http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt

受影响实体

  • Ibm Db2:9.0  
    <!--
    2000-1-1
    -->

补丁

    暂无