Vulnerability Name:

CVE-2007-1087 (CCN-32651)

Assigned: 2007-02-22
Published: 2007-02-22
Updated: 2019-05-23
Summary: IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2007-1087

Source: IDEFENSE
Type: Broken Link
20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities

Source: OSVDB
Type: Broken Link
40970

Source: CCN
Type: IBM APAR IY94833
SECURITY: MULTIPLE DB2 ENVIRONMENT VARIABLES CAUSE BUFFER OVERFLOW VULNERABILITY AND SYMLINK OVERWRITE VULNERABILITY.

Source: AIXAPAR
Type: Patch, Vendor Advisory
IY94833

Source: VIM
Type: Third Party Advisory
20070818 Recent DB2 Vulnerabilities

Source: CCN
Type: OSVDB ID: 40970
IBM DB2 Universal Database Unspecified Input Handling Local Environment Variable Overflow

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
22677

Source: CCN
Type: BID-22677
IBM DB2 Universal Database Multiple Local Privilege Escalation Vulnerabilities

Source: XF
Type: Third Party Advisory, VDB Entry
db2-bss-bo(32651)

Source: XF
Type: UNKNOWN
db2-bss-bo(32651)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 02.22.07
IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:ibm:db2:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.0:fp13:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.0:fp14:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.0:fp8:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.0:fp9:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp13:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp14:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.6c:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.7b:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.8a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.1:fp1:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:db2_universal_database:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.0:fp14:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.0:fp13:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.6c:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.7b:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.8a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.12:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm db2 8.0
    ibm db2 8.0 fp13
    ibm db2 8.0 fp14
    ibm db2 8.0 fp8
    ibm db2 8.0 fp9
    ibm db2 8.1
    ibm db2 8.1 fp13
    ibm db2 8.1 fp14
    ibm db2 8.1.4
    ibm db2 8.1.5
    ibm db2 8.1.6
    ibm db2 8.1.6c
    ibm db2 8.1.7
    ibm db2 8.1.7b
    ibm db2 8.1.8
    ibm db2 8.1.8a
    ibm db2 8.1.9
    ibm db2 8.1.9a
    ibm db2 9.1
    ibm db2 9.1 fp1
    ibm db2 universal database 8.1
    ibm db2 universal database 8.0
    ibm db2 universal database 9.1
    ibm db2 universal database 8.0 fp14
    ibm db2 universal database 8.0 fp13
    ibm db2 universal database 8.1.4
    ibm db2 universal database 8.1.5
    ibm db2 universal database 8.1.6
    ibm db2 universal database 8.1.6c
    ibm db2 universal database 8.1.7
    ibm db2 universal database 8.1.7b
    ibm db2 universal database 8.1.8
    ibm db2 universal database 8.1.8a
    ibm db2 universal database 8.1.9
    ibm db2 universal database 8.1.9a
    ibm db2 universal database 8.10
    ibm db2 universal database 8.12