NI3
11-10-2003, 01:50 PM
Security-Corporation ID : SC-0732
Author : KF <[Only registered and activated users can see links]>
Product : IBM DB2 UDB v8.1
Source Message Contents :
Secure Network Operations, Inc. [Only registered and activated users can see links]
Strategic Reconnaissance Team [Only registered and activated users can see links]
Team Lead Contact [Only registered and activated users can see links]
Our Mission:
************************************************** **********************
Secure Network Operations offers expertise in Networking, Intrusion
Detection Systems (IDS), Software Security Validation, and
Corporate/Private Network Security. Our mission is to facilitate a
secure and reliable Internet and inter-enterprise communications
infrastructure through the products and services we offer.
To learn more about our company, products and services or to request a
demo of ANVIL FCS please visit our site at [Only registered and activated users can see links] or
call us at: 978-263-3829
Quick Summary:
************************************************** **********************
Advisory Number : SRT2003-11-06-0710
Product : IBM DB2 UDB v8.1
Version : versions v7 and v8
Vendor : [Only registered and activated users can see links]
Class : Local
Criticality : High
Operating System(s) : *nix
Notice
************************************************** **********************
The full technical details of this vulnerability can be found at:
[Only registered and activated users can see links] under the research section.
Basic Explanation
************************************************** **********************
High Level Description : DB2 contains multiple local security issues.
What to do : Apply v7fp11 (late November) and v8fp4.
Basic Technical Details
************************************************** **********************
Proof Of Concept Status : SNO has not yet created proof of concept.
Low Level Description : DB2 UDB version 8.1 for Linux and Unix contains
several local buffer overflows and format strings conditions. Our tests were
performed against DB2 on linux as installed from 009_ESE_LNX_32_NLV.tar.
Other unix variants may be affected in a similar manor.
Depending on the options selected the DB2 installer *may* ask you to add
several users to your machine. You are instructed to either add a new user
or choose an existing username. These are the users I added for testing:
dasusr:x:501:501::/home/dasusr:/bin/bash
db2inst1:x:502:502::/home/db2inst1:/bin/bash
db2fenc1:x:503:503::/home/db2fenc1:/bin/bash
The above usernames *may* be used in several setuid applications included
with DB2. The conditions we found are associated with the Instance user
db2inst1.
The following binaries contain multiple security issues in the form of both
format strings issues and buffer overflows.
-r-sr-s--x 1 root db2inst1 38044 Oct 11 07:26 db2start
-r-sr-s--x 1 root db2inst1 84713 Oct 11 07:26 db2stop
-r-sr-s--x 1 db2inst1 db2inst1 141857 Oct 11 07:26 db2govd
Full details on the overflows and format strings conditions can be located
at [Only registered and activated users can see links]
Workaround: chmod -s the above mentioned binaries or use vendor patches.
Vendor Status : IBM has promptly attended to the issues at hand
Fixpak 4 for v8 is available now at [Only registered and activated users can see links]
/data/db2/udb/winos2unix/support/download.d2w/report (wordwrapped). Fixpak
11 for v7 should be ready late november and will contain the equivalent fixes.
Bugtraq URL : To be assigned.
Disclaimer
----------------------------------------------------------------------
This advisory was released by Secure Network Operations,Inc. as a matter
of notification to help administrators protect their networks against
the described vulnerability. Exploit source code is no longer released
in our advisories but can be obtained under contract.. Contact our sales
department at [Only registered and activated users can see links] for further information on how to
obtain proof of concept code.
----------------------------------------------------------------------
Secure Network Operations, Inc. || [Only registered and activated users can see links]
"Embracing the future of technology, protecting you."
Author : KF <[Only registered and activated users can see links]>
Product : IBM DB2 UDB v8.1
Source Message Contents :
Secure Network Operations, Inc. [Only registered and activated users can see links]
Strategic Reconnaissance Team [Only registered and activated users can see links]
Team Lead Contact [Only registered and activated users can see links]
Our Mission:
************************************************** **********************
Secure Network Operations offers expertise in Networking, Intrusion
Detection Systems (IDS), Software Security Validation, and
Corporate/Private Network Security. Our mission is to facilitate a
secure and reliable Internet and inter-enterprise communications
infrastructure through the products and services we offer.
To learn more about our company, products and services or to request a
demo of ANVIL FCS please visit our site at [Only registered and activated users can see links] or
call us at: 978-263-3829
Quick Summary:
************************************************** **********************
Advisory Number : SRT2003-11-06-0710
Product : IBM DB2 UDB v8.1
Version : versions v7 and v8
Vendor : [Only registered and activated users can see links]
Class : Local
Criticality : High
Operating System(s) : *nix
Notice
************************************************** **********************
The full technical details of this vulnerability can be found at:
[Only registered and activated users can see links] under the research section.
Basic Explanation
************************************************** **********************
High Level Description : DB2 contains multiple local security issues.
What to do : Apply v7fp11 (late November) and v8fp4.
Basic Technical Details
************************************************** **********************
Proof Of Concept Status : SNO has not yet created proof of concept.
Low Level Description : DB2 UDB version 8.1 for Linux and Unix contains
several local buffer overflows and format strings conditions. Our tests were
performed against DB2 on linux as installed from 009_ESE_LNX_32_NLV.tar.
Other unix variants may be affected in a similar manor.
Depending on the options selected the DB2 installer *may* ask you to add
several users to your machine. You are instructed to either add a new user
or choose an existing username. These are the users I added for testing:
dasusr:x:501:501::/home/dasusr:/bin/bash
db2inst1:x:502:502::/home/db2inst1:/bin/bash
db2fenc1:x:503:503::/home/db2fenc1:/bin/bash
The above usernames *may* be used in several setuid applications included
with DB2. The conditions we found are associated with the Instance user
db2inst1.
The following binaries contain multiple security issues in the form of both
format strings issues and buffer overflows.
-r-sr-s--x 1 root db2inst1 38044 Oct 11 07:26 db2start
-r-sr-s--x 1 root db2inst1 84713 Oct 11 07:26 db2stop
-r-sr-s--x 1 db2inst1 db2inst1 141857 Oct 11 07:26 db2govd
Full details on the overflows and format strings conditions can be located
at [Only registered and activated users can see links]
Workaround: chmod -s the above mentioned binaries or use vendor patches.
Vendor Status : IBM has promptly attended to the issues at hand
Fixpak 4 for v8 is available now at [Only registered and activated users can see links]
/data/db2/udb/winos2unix/support/download.d2w/report (wordwrapped). Fixpak
11 for v7 should be ready late november and will contain the equivalent fixes.
Bugtraq URL : To be assigned.
Disclaimer
----------------------------------------------------------------------
This advisory was released by Secure Network Operations,Inc. as a matter
of notification to help administrators protect their networks against
the described vulnerability. Exploit source code is no longer released
in our advisories but can be obtained under contract.. Contact our sales
department at [Only registered and activated users can see links] for further information on how to
obtain proof of concept code.
----------------------------------------------------------------------
Secure Network Operations, Inc. || [Only registered and activated users can see links]
"Embracing the future of technology, protecting you."