CVE-2003-1052 – IBM DB2 - Shared Library Injection
https://notcve.org/view.php?id=CVE-2003-1052
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. IBM DB2 7.1 y 8.1 permite al usuario bin ganar privilegios de root modificando las librerías compartidas usadas por programas con setuid de root. • https://www.exploit-db.com/exploits/22989 http://www.securityfocus.com/archive/1/331904 http://www.securityfocus.com/bid/8346 https://exchange.xforce.ibmcloud.com/vulnerabilities/12826 •
CVE-2003-1049
https://notcve.org/view.php?id=CVE-2003-1049
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. IBM DB2 Universal Database 7 antes de FixPak 12 crea ciertos directorios DMS con permisos inseguros (777), lo que permite a usuarios locales modificar o borrar ciertos ficheros DB2. • http://www-1.ibm.com/support/search.wss?rs=0&q=IY44841&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY44842&apar=only http://www.securityfocus.com/bid/9243 https://exchange.xforce.ibmcloud.com/vulnerabilities/14030 •
CVE-2003-0898 – IBM DB2 db2job - File Overwrite
https://notcve.org/view.php?id=CVE-2003-0898
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. IBM DB2 anteriores a FixPak 10a, y versiones anteriores incluyendo la 7.1, permite a usuarios locales sobreescribir ficheros arbitrarios y ganar privilegios mediante un ataque de enlaces simbólicos sobre d2job o db2job2. • https://www.exploit-db.com/exploits/22988 ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt http://marc.info/?l=bugtraq&m=106010332721672&w=2 •
CVE-2003-0836
https://notcve.org/view.php?id=CVE-2003-0836
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command. Desbordamiento de búfer basado en la pila en IBM DB2 Universal Data Base 7.2 anteriores a Fixpak 10 y 10a, y 8.1 anteriores a Fixpak 2 permite a atacantes con privilegios "connect" ejecutar código arbitrario mediante un comando LOAD. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0836 •