ID CVE-2004-0795
Summary DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*
    cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*
CVSS
Base: 7.2 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
aixapar IY53894
bid 9821
bugtraq 20040309 IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004)
misc http://www.nextgenss.com/advisories/db2rmtcmd.txt
xf db2-rcs-gain-privileges(15420)
Last major update 11-07-2017 - 01:30
Published 20-10-2004 - 04:00
Last modified 11-07-2017 - 01:30
Back to Top