fkie_nvd - fkie_cve-2007-1088

fkie_cve-2007-1088

Vulnerability from fkie_nvd

Published

2007-02-23 22:28

Modified

2024-11-21 00:27

Severity ?

Summary

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481	Broken Link
cve@mitre.org	http://osvdb.org/40971	Broken Link
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg21255747	Patch, Vendor Advisory
cve@mitre.org	http://www.attrition.org/pipermail/vim/2007-August/001765.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/22677	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32652	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/40971	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg21255747	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.attrition.org/pipermail/vim/2007-August/001765.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22677	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32652	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	db2	8.0
ibm	db2	8.0
ibm	db2	8.0
ibm	db2	8.0
ibm	db2	8.0
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1.4
ibm	db2	8.1.5
ibm	db2	8.1.6
ibm	db2	8.1.6c
ibm	db2	8.1.7
ibm	db2	8.1.7b
ibm	db2	8.1.8
ibm	db2	8.1.8a
ibm	db2	8.1.9
ibm	db2	8.1.9a
ibm	db2	9.1
ibm	db2	9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1FC760-D058-4DE6-80B3-F3AA22757A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*",
              "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*",
              "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*",
              "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*",
              "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8190EC6B-BA0D-498D-8ECB-2E37D8742A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*",
              "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*",
              "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "05154E69-63D7-4F51-89F5-1199A3E6E074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B729909-4377-4472-94C4-432CD89BCF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC320999-569A-48AA-92B7-CDE8394BBC39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA7BA56-F167-4236-A725-B2F38D6B0D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97F5666-4502-437D-AA81-8C0488CD73B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB5A77-3D2C-4142-9448-1542D9C99A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FFAAAD6-56E0-48FE-8D9E-13BD13D6A776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C77B11-C53E-49E7-9C49-2C574390B609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF6FFCD-E744-4D45-8BDD-32ADC94AD655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4837F6EC-4E0D-480B-8DF4-BD0DA49394A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en IBM DB2 8.x anterior a 8.1 FixPak 15 y 9.1 anterior a Fix Pack 2 permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadenas largas en variables no especificadas de entorno."
    }
  ],
  "id": "CVE-2007-1088",
  "lastModified": "2024-11-21T00:27:29.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-23T22:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/40971"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/22677"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/40971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/22677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32652"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2007-1088

Vulnerability from cvelistv5

Published

2007-02-23 22:00