Vulnerability Name:

CVE-2004-1372 (CCN-18682)

Assigned:2004-09-01
Published:2004-09-01
Updated:2017-07-11
Summary:Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Dec 23 2004 - 11:01:16 CST
IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)

Source: MITRE
Type: CNA
CVE-2004-1372

Source: BUGTRAQ
Type: UNKNOWN
20041223 IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L)

Source: BUGTRAQ
Type: UNKNOWN
20041223 IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)

Source: CCN
Type: IBM Web site
DB2 Universal Database for Linux, Unix and Windows

Source: MISC
Type: Patch, Vendor Advisory
http://www.ngssoftware.com/advisories/db223122004K.txt

Source: MISC
Type: Patch, Vendor Advisory
http://www.ngssoftware.com/advisories/db223122004L.txt

Source: CCN
Type: OSVDB ID: 12758
IBM DB2 generate_distfile Local Overflow

Source: CCN
Type: OSVDB ID: 12759
IBM DB2 rec2xml Local Overflow

Source: CCN
Type: OSVDB ID: 9525
IBM DB2 Unspecified Remote Overflow 1

Source: CCN
Type: OSVDB ID: 9526
IBM DB2 Unspecified Remote Overflow 2

Source: BID
Type: Patch
11089

Source: CCN
Type: BID-11089
IBM DB2 Universal Database REC2XML and GENERATE_DISTFILE Buffer Overflow Vulnerabilities

Source: XF
Type: UNKNOWN
db2-generatedistfile-bo(18663)

Source: XF
Type: UNKNOWN
db2-rec2xml-bo(18682)

Source: XF
Type: UNKNOWN
db2-rec2xml-bo(18682)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:db2_universal_database:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm db2 universal database 7.0
    ibm db2 universal database 7.1
    ibm db2 universal database 7.2
    ibm db2 universal database 8.1
    ibm db2 universal database 7.1
    ibm db2 universal database 7.0
    ibm db2 universal database 8.1
    ibm db2 universal database 7.2
    ibm db2 8.1