ID CVE-2004-0795
Summary DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:db2_universal_database:8.1:-:aix
    cpe:2.3:a:ibm:db2_universal_database:8.1:-:aix
CVSS
Base: 7.2 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
metasploit via4
description This module exploits a vulnerability in the Remote Command Server component in IBM's DB2 Universal Database 8.1. An authenticated attacker can send arbitrary commands to the DB2REMOTECMD named pipe which could lead to administrator privileges.
id MSF:AUXILIARY/ADMIN/DB2/DB2RCMD
last seen 2019-03-24
modified 2017-07-24
published 2008-11-11
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/db2/db2rcmd.rb
title IBM DB2 db2rcmd.exe Command Execution Vulnerability
refmap via4
aixapar IY53894
bid 9821
bugtraq 20040309 IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004)
misc http://www.nextgenss.com/advisories/db2rmtcmd.txt
xf db2-rcs-gain-privileges(15420)
Last major update 17-10-2016 - 22:49
Published 20-10-2004 - 00:00
Last modified 10-07-2017 - 21:30
Back to Top