IBM DB2 install_jar Arbitrary File Upload Remote Code Execution Vulnerability
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is required in that a user must have the ability to connect to the database.
The specific flaw exists within the install_jar procedure. The install_jar procedure contains a directory traversal vulnerability that will allow the attacker to upload a Jar file to a directory outside of the intended "\function\jar\Name_of_logged_user\" directory. A remote attacker can abuse this to execute arbitrary code under the context of the current user.
Additional Details
IZ21983: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983
IZ22143: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143
Disclosure Timeline
- 2010-06-17 - Vulnerability reported to vendor
- 2010-10-19 - Coordinated public release of advisory
Credit
Anonymous