漏洞信息详情
IBM DB2多个命令行格式字符串漏洞
- CNNVD编号:CNNVD-200409-066
- 危害等级: 高危
- CVE编号: CVE-2003-1051
- 漏洞类型: 格式化字符串
- 发布时间: 2004-09-28
- 威胁类型: 本地
- 更新时间: 2005-10-20
- 厂 商: ibm
- 漏洞来源: This vulnerability...
漏洞简介
IBM DB2 Universal Database 8.1版本中存在多个格式字符串漏洞。本地用户可以借助(1)db2start,(2) db2stop,或者(3) db2govd中的特定命令行参数执行任意代码。
漏洞公告
It has been reported that IBM has released Fixpack 4 for v8 of the database. IBM is also said to be currently developing Fixpack 11 for v7, which will be available in mid November 2003. This information has not yet been verified by Symantec. Until this information has been confirmed, users are advised to check the following URL for Fixpack releases. http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report
参考网址
来源: XF 名称: db2-multiple-binaries-bo(13633) 链接:http://xforce.iss.net/xforce/xfdb/13633 来源: BID 名称: 8989 链接:http://www.securityfocus.com/bid/8989 来源: BUGTRAQ 名称: 20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues 链接:http://www.securityfocus.com/archive/1/343804 来源: www.secnetops.com 链接:http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
受影响实体
- Ibm Db2:9.0
补丁
暂无
评论