Advisory Details

January 31st, 2011

IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability

ZDI-11-035
ZDI-CAN-775

CVE ID
CVSS SCORE 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
AFFECTED VENDORS IBM
AFFECTED PRODUCTS DB2 Universal Database
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the db2dasrrm process responsible for handling queries to the com.ibm.db2.das.core.DasSysCmd function. While processing a request, the username supplied is copied into a fixed-length stack buffer. By providing a large enough string the copy operation can overflow leading to remote code execution.

ADDITIONAL DETAILS

https://www-304.ibm.com/support/docview.wss?uid=swg21426108

v9.1 fp10
IC69986
https://www-304.ibm.com/support/docview.wss?uid=swg1IC69986

v9.5 fp6
IC70538
https://www-304.ibm.com/support/docview.wss?uid=swg1IC70538

v9.7 fp3
IC70539
https://www-304.ibm.com/support/docview.wss?uid=swg1IC70539


DISCLOSURE TIMELINE
  • 2010-06-30 - Vulnerability reported to vendor
  • 2011-01-31 - Coordinated public release of advisory
CREDIT Intevydis http://intevydis.com
BACK TO ADVISORIES