4 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298. La carga de IBM DB2 High Performance Unload para LUW versiones 6.1 y 6.5, podría permitir a un atacante local ejecutar código arbitrario en el sistema, causado por una vulnerabilidad de ruta de búsqueda no confiable. Mediante el uso de un archivo ejecutable, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168298 https://www.ibm.com/support/pages/node/1128063 • CWE-426: Untrusted Search Path •

CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481. Una carga de IBM DB2 High Performance Unload para LUW versiones 6.1 y 6.5, es vulnerable a un desbordamiento del búfer, causado por una comprobación de límites inapropiada que podría permitir a un atacante local ejecutar código arbitrario en el sistema con privilegios de root. ID de IBM X-Force: 165481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165481 https://supportcontent.ibm.com/support/pages/node/1073236 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489. IBM DB2 High Performance Unload carga para LUW versiones 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1 y 6.1.0.1 IF2, los archivos binarios db2hpum y db2hpum_debug, que son root de setuid y presentan opciones integradas que permiten a un usuario poco privilegiado la capacidad de cargar bibliotecas db2 arbitrarias desde un contexto privilegiado. Esto resulta en un código arbitrario que es ejecutado con autorización root. • http://www.ibm.com/support/docview.wss?uid=ibm10964592 https://exchange.xforce.ibmcloud.com/vulnerabilities/163489 • CWE-269: Improper Privilege Management •

CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488. IBM DB2 High Performance Unload carga para LUW versiones 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1 y 6.1.0.1 IF2, el archivo db2hpum_debug, que es un binario root de setuid que confía en la variable de entorno PATH. • http://www.ibm.com/support/docview.wss?uid=ibm10964592 https://exchange.xforce.ibmcloud.com/vulnerabilities/163488 • CWE-427: Uncontrolled Search Path Element •