Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM DB2数据库db2dasrrm缓冲区溢出和文件创建漏洞
Vulnerability Description
IBM DB2是美国IBM公司的一套关系型数据库管理系统。该系统的执行环境主要有UNIX、Linux、IBM i、z/OS以及Windows服务器版本。 DB2数据库所捆绑的db2dasrrm程序没有充分地验证用户所提供的DASPROF环境变量内容的长度,如果攻击者将该变量设置为特制的字符串的话,就可以在将该字符串拷贝到栈上静态大小缓冲区时触发溢出,导致覆盖栈上所存储的执行控制结构并执行任意指令。如果要利用这个漏洞,攻击者必须能够执行有漏洞的set-uid root db2dasrrm程序。 db2das
CVSS Information
N/A
Vulnerability Type
N/A