IBM DB2 install_jar Arbitrary File Upload Remote Code Execution Vulnerability

October 19th, 2010

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is required in that a user must have the ability to connect to the database.

The specific flaw exists within the install_jar procedure. The install_jar procedure contains a directory traversal vulnerability that will allow the attacker to upload a Jar file to a directory outside of the intended "\function\jar\Name_of_logged_user\" directory. A remote attacker can abuse this to execute arbitrary code under the context of the current user.

Additional Details

IZ21983: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983
IZ22143: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143


Disclosure Timeline

  • 2010-06-17 - Vulnerability reported to vendor
  • 2010-10-19 - Coordinated public release of advisory

Credit

Anonymous

Back to Advisories