Vulnerability Name:
CVE-2008-0699 (CCN-40231)
Assigned:
2008-01-30
Published:
2008-01-30
Updated:
2018-11-01
Summary:
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
None
CVSS v2 Severity:
9.0 High
(CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium
(Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
4.3 Medium
(CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low
(CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availability (A):
None
Vulnerability Type:
CWE-noinfo
Vulnerability Consequences:
Other
References:
Source: CCN
Type: IBM FTP site
APAR fixes included in Fixpak 16
Source: CONFIRM
Type: Vendor Advisory
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
Source: MITRE
Type: CNA
CVE-2008-0699
Source: OSVDB
Type: Broken Link
41795
Source: CCN
Type: SA28771
IBM DB2 UDB Multiple Vulnerabilities
Source: SECUNIA
Type: Third Party Advisory
28771
Source: CCN
Type: SA29022
IBM DB2 Multiple Vulnerabilities
Source: SECUNIA
Type: Third Party Advisory
29022
Source: CCN
Type: SA29784
IBM DB2 Multiple Vulnerabilities
Source: SECUNIA
Type: Third Party Advisory
29784
Source: CCN
Type: IBM Technote (FAQ) 1256235
DB2 UDB Version 8 FixPaks and clients
Source: AIXAPAR
Type: Patch, Vendor Advisory
IZ06972
Source: AIXAPAR
Type: Patch, Vendor Advisory
IZ06973
Source: AIXAPAR
Type: Patch, Vendor Advisory
IZ10917
Source: MISC
Type: Third Party Advisory
http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml
Source: CCN
Type: OSVDB ID: 41631
IBM DB2 Universal Database SYSPROC.ADMIN_SP_C* Unspecified Remote Arbitrary Code Execution
Source: CCN
Type: OSVDB ID: 41795
IBM DB2 Universal Database SYSPROC.ADMIN_SP_C Unspecified Issue
Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures
Source: CCN
Type: BID-27596
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
Source: VUPEN
Type: Third Party Advisory
ADV-2008-0401
Source: XF
Type: UNKNOWN
db2-sysprocadminspc-unspecified(40231)
Vulnerable Configuration:
Configuration 1:
cpe:/a:ibm:db2:8.2:fp1:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp10:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp11:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp12:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp13:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp14:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp15:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp16:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp2:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp3:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp4:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp5:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp6:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp7:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp8:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.2:fp9:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:-:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp1:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp2:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp3:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp4:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.5:-:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:ibm:db2_universal_database:8.2:fp15:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:*:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp1:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp2:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp3:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp4:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp5:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp6:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp8:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp9:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp10:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp11:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp12:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp13:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp14:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.2:fp7:*:*:*:*:*:*