CVE-2004-1372 - Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary

CVE-2004-1372

Summary

Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.

References

Vulnerable Configurations

cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*

CVSS

Base:	7.2 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	11089
bugtraq	20041223 IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L) 20041223 IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)
misc	http://www.ngssoftware.com/advisories/db223122004K.txt http://www.ngssoftware.com/advisories/db223122004L.txt
xf	db2-generatedistfile-bo(18663) db2-rec2xml-bo(18682)

Last major update

11-07-2017 - 01:30

Published

01-09-2004 - 04:00

Last modified

11-07-2017 - 01:30