fkie_cve-2008-1966
Vulnerability from fkie_nvd
Published: 2008-04-27 18:05
Modified: 2024-11-21 00:45
Summary
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.
References
cve@mitre.org http://osvdb.org/46268
cve@mitre.org http://osvdb.org/46269
cve@mitre.org http://secunia.com/advisories/29022 (Vendor Advisory)
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg21255607
cve@mitre.org http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml
cve@mitre.org http://www.securityfocus.com/archive/1/491071/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/28835
cve@mitre.org http://www.securityfocus.com/bid/29601
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/41955
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/46268
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/46269
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29022 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg21255607
af854a3a-2127-422b-91ae-364da2661108 http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/491071/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/28835
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/29601
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41955
Impacted products
Vendor Product Version
ibm db2 8.0
ibm db2 9.5
ibm db2 9.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1FC760-D058-4DE6-80B3-F3AA22757A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*",
              "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*",
              "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*",
              "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*",
              "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*",
              "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*",
              "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "72FA9A16-8AFD-4D93-95B4-EAB6E6030D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "BB299EAB-31AA-4BAA-B477-0F909A8418AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "6FD22E1E-F5BC-45D5-98F4-EDEE87D718F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4a:*:*:*:*:*:*",
              "matchCriteriaId": "1CA96F81-E7BD-4BEB-9B4F-6CEA95B57742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*",
              "matchCriteriaId": "222C1B84-0C28-451F-BB02-4CB925263312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*",
              "matchCriteriaId": "08177181-660C-4BF4-9031-74EE89297CE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6a:*:*:*:*:*:*",
              "matchCriteriaId": "AB51AF7F-6D09-4EEE-AE8E-E6CCF06C28E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6b:*:*:*:*:*:*",
              "matchCriteriaId": "64BC5E59-361E-4343-9BB9-9772D47E57B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6c:*:*:*:*:*:*",
              "matchCriteriaId": "A2E1FC49-96AF-4933-BBE8-71DAEAEDD855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*",
              "matchCriteriaId": "0B5FF14E-2971-4F3F-AD25-D00B0FEDA08F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7a:*:*:*:*:*:*",
              "matchCriteriaId": "56B7F547-3519-4A12-AB65-C1768153A7DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7b:*:*:*:*:*:*",
              "matchCriteriaId": "FE9D14B8-5B4E-4D27-88B9-EBAC46D8282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*",
              "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8a:*:*:*:*:*:*",
              "matchCriteriaId": "6669F847-ED6A-422F-85F7-DAF9B0159F01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*",
              "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9a:*:*:*:*:*:*",
              "matchCriteriaId": "E8D354AD-995D-4FC8-A7C4-7860549A1634",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*",
              "matchCriteriaId": "A39759EE-5166-4122-8EFD-93CD79909403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*",
              "matchCriteriaId": "E570E88C-35F8-4E12-8121-20536AC8A0AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en las rutinas de administraci\u00f3n de archivos JAR en el subcomponente BSU JAVA en IBM DB2 versi\u00f3n 8 anteriores a FP16, versi\u00f3n 9.1 anteriores a FP4a y versi\u00f3n 9.5 anteriores a FP1, permite a usuarios autenticados remotos causar una denegaci\u00f3n de servicio (por ejemplo, un bloqueo de instancia) por medio  de una llamada al procedimiento (1) RECOVERJAR o (2) REMOVE_JAR_JAR con un par\u00e1metro  dise\u00f1ado, relacionado con (a) sqlj.install_jar y (b) sqlj.replace_jar."
    }
  ],
  "evaluatorSolution": "http://www-1.ibm.com/support/docview.wss?uid=swg21255572http://www-1.ibm.com/support/docview.wss?uid=swg21287889\r\nhttp://www-1.ibm.com/support/docview.wss?uid=swg21256235",
  "id": "CVE-2008-1966",
  "lastModified": "2024-11-21T00:45:46.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-04-27T18:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/46268"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/46269"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/491071/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28835"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29601"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/46268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/46269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ15496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.appsecinc.com/resources/alerts/db2/2008-04.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/491071/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41955"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

