Pentest Security Advisory : PTL-2003-01
IBM DB2 LOAD Command Stack Overflow Vulnerability

Author: Mark Rowe
Announcement date: 1st October 2003
Advisory Reference: ptl-2003-01
Title: IBM DB2 LOAD Command Stack Overflow Vulnerabilities
CVE Name: CAN-2003-0836
Bugtraq ID: 8742
Product: IBM DB2 Universal Database
Vulnerability Type : Buffer Overflow
Vendor-URL: http://www.ibm.com/software/data/db2/udb
Vendor-Status: Fixpack Issued
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL: http://www.pentest.co.uk/

Vulnerability Description

DB2 is IBM's relational database software. The IBM DB2 LOAD command, moves data from files, named pipes, or devices into a DB2 table. This command is vulnerable to a stack based overflow that allows an attacker with "Connect" privileges to the database to execute arbitrary code on the vulnerable machine, by default in the context of the Administrators group on Windows and typically db2as or db2inst1 on Linux.

The vulnerability is triggered by issuing a carefully crafted LOAD command.

Vulnerable Versions

IBM DB2 Universal Data Base v7.2 for Linux/x86 is vulnerable.

IBM DB2 Universal Data Base v7.2 for Windows is vulnerable.

According to the vendor IBM DB2 Universal Data Base v8.1 is also vulnerable.

Other IBM DB2 versions and target platforms were not available for testing, but may be vulnerable as well.

The vendor stated that 'the problem was in common code and therefore affected all platforms and both v7 and v8 (though not all of those would have been exploitable).'

Vendor Status

IBM:
- Pentest Notification: 20-11-2002
- Notification acknowledged by IBM: 22-11-2002
- Fixes available from: 17-09-2003

Fix

Issue is fixed in Fixpak 10/10a for DB2 v7.2.

Issue is fixed in Fixpak 2 for DB2 v8.1.

Fixpaks are available at:

http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report

Credit

This vulnerability was discovered by Mark Rowe from Pentest Limited.

arrow morePTL-2003-02

PTL-2002-05arrow more

Security Services

Pentest offers a thorough, yet adaptive range of security services to help customers address vulnerabilities in their network or applications. Services include: Secure Coding Workshops, SAST tools, Manual Penetration Testing and Security Audits.

read more arrow more

Database Services

Pentest offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these systems.

read more arrow more

© Copyright Pentest Limited 2001 - 2015 All Rights Reserved. Privacy statement Design: Jalee Design