Security Vulnerability
IBM DB2 db2ckpw Local Buffer Overflow Vulnerability

Published: 2002-05-24
Updated: 2002-05-28

Affected systems:
IBM DB2 Universal Database for Solaris 7.2
IBM DB2 Universal Database for Solaris 7.1
IBM DB2 Universal Database for Solaris 7.0
IBM DB2 Universal Database for Solaris 6.1
IBM DB2 Universal Database for Solaris 6.0
IBM DB2 Universal Database for Linux 7.2
IBM DB2 Universal Database for Linux 7.1
IBM DB2 Universal Database for Linux 7.0
IBM DB2 Universal Database for Linux 6.0
IBM DB2 Universal Database for HP-UX 7.2
IBM DB2 Universal Database for HP-UX 7.1
IBM DB2 Universal Database for HP-UX 6.1
IBM DB2 Universal Database for HP-UX 6.0
IBM DB2 Universal Database for AIX 7.2
IBM DB2 Universal Database for AIX 7.1
IBM DB2 Universal Database for AIX 7.0
IBM DB2 Universal Database for AIX 6.1
IBM DB2 Universal Database for AIX 6.0
IBM DB2 Universal Database for Linux 6.1
    - Caldera Open Linux 2.4
    - RedHat Linux 7.0
    - SuSE Linux 7.0
    - Turbo Linux 6.0.4
Description:
BUGTRAQ ID: 4817
CVE(CAN) ID: CVE-2002-1583

IBM DB2 is a powerful database system developed by IBM that runs on many operating systems. Its 'db2ckpw' program is installed setuid root and is used as part of the authentication mechanism.

The 'db2ckpw' program does not properly check the username data it is given, which allows a local attacker to carry out a buffer overflow attack.

'db2ckpw' mishandles usernames longer than 8 characters. A local attacker can supply an over-long username to 'db2ckpw', causing a buffer overflow; with a carefully constructed string the attacker can execute arbitrary instructions with root privileges.

<*Source: IBM Security Advisory
  
  Link: http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.318.1
*>
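The defect class described above, an unbounded copy of a caller-supplied username into a fixed-size buffer, is shown here as an added C illustration beside its hardened form. This is not db2ckpw's source or IBM's code, which the advisory does not reproduce; the function names, the 8-character buffer size and the sample usernames are assumptions chosen to match the limit the advisory mentions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size: the advisory states that usernames longer
 * than 8 characters trigger the overflow, so the illustration uses an
 * 8-character limit plus room for the terminating NUL. */
#define MAX_USERNAME 8

/* Vulnerable pattern (shown for contrast only, never called below):
 * the username is copied with no length check, so any input longer
 * than MAX_USERNAME characters writes past the end of 'buf'. */
void copy_username_unsafe(char *buf, const char *username)
{
    strcpy(buf, username);   /* no bounds check: classic stack overflow */
}

/* Hardened version: rejects a NULL or over-long username before any
 * byte is written and always leaves 'buf' NUL-terminated.
 * Returns 0 when the username was accepted and copied, -1 when rejected. */
int copy_username_safe(char buf[MAX_USERNAME + 1], const char *username)
{
    size_t len;

    if (username == NULL)
        return -1;

    len = strlen(username);
    if (len > MAX_USERNAME) {
        buf[0] = '\0';       /* leave a defined, empty value on rejection */
        return -1;
    }

    memcpy(buf, username, len);
    buf[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[MAX_USERNAME + 1];
    const char *ok = "db2inst1";            /* constructed sample: 8 chars  */
    const char *too_long = "db2instance1";  /* constructed sample: 12 chars */

    if (copy_username_safe(buf, ok) == 0)
        printf("accepted: %s\n", buf);
    if (copy_username_safe(buf, too_long) != 0)
        printf("rejected: username longer than %d characters\n", MAX_USERNAME);
    return 0;
}
```

The check in copy_username_safe is the one the advisory says was missing: the length is validated against the buffer before the copy, so an over-long username is refused rather than written past the end of the stack buffer. In a setuid-root program such as db2ckpw that validation is the difference between a rejected login and root code execution.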

Recommendations:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:

* Restrict access to the DB2 database at the firewall so that only trusted users can reach it.

Vendor patches:

IBM
---
IBM has released a security advisory (MSS-OAR-E01-2002:318.1) and corresponding patches for this issue:
MSS-OAR-E01-2002:318.1:Buffer overflow vulnerability in DB2 for AIX, Linux, Solaris, and HP-UX
Link: http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.318.1

Patch downloads:

IBM DB2 Universal Database for AIX 6.0:

IBM Hotfix FP10_U482111
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv61/FP10_U482111/
FixPack 10 for DB2 V6 for AIX.

IBM DB2 Universal Database for HP-UX 6.0:

IBM Hotfix FP10_U482113
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp10v61/FP10_U482113/
FixPack 10 for DB2 V6 for HP-UX 10.x.

IBM Hotfix FP10_U482114
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp11v61/FP10_U482114/
FixPack 10 for DB2 V6 for HP-UX 11.x.

IBM DB2 Universal Database for Linux 6.0:

IBM Hotfix FP10_IP22471
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv61/FP10_IP22471/
FixPack 10 for DB2 V6 for Linux.

IBM DB2 Universal Database for Solaris 6.0:

IBM Hotfix FP10_U482112
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv61/FP10_U482112/
FixPack 10 for DB2 V6 for Solaris.

IBM DB2 Universal Database for Linux 6.1:

IBM Hotfix FP10_IP22471
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv61/FP10_IP22471/
FixPack 10 for DB2 V6 for Linux.

IBM DB2 Universal Database for HP-UX 6.1:

IBM Hotfix FP10_U482113
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp10v61/FP10_U482113/
FixPack 10 for DB2 V6 for HP-UX 10.x.

IBM Hotfix FP10_U482114
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp11v61/FP10_U482114/
FixPack 10 for DB2 V6 for HP-UX 11.x.

IBM DB2 Universal Database for Solaris 6.1:

IBM Hotfix FP10_U482112
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv61/FP10_U482112/
FixPack 10 for DB2 V6 for Solaris.

IBM DB2 Universal Database for AIX 6.1:

IBM Hotfix FP10_U482111
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv61/FP10_U482111/
FixPack 10 for DB2 V6 for AIX.

IBM DB2 Universal Database for AIX 7.0:

IBM Hotfix FP6_U481406
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP6_U481406/
FixPack 6 for DB2 V7 for AIX.

IBM Hotfix FP6_U481407
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix43-64v7/FP6_U481407/
FixPack 6 for DB2 V7 for AIX43-64.

IBM Hotfix FP6_U481408
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix5-64v7/FP6_U481408/
FixPack 6 for DB2 V7 for AIX5-64.

IBM DB2 Universal Database for Linux 7.0:

IBM Hotfix FP6_U481413
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv7/FP6_U481413/
FixPack 6 for DB2 V7 for Linux.

IBM APAR FP6_MI00038
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linux390v7/FP6_MI00038/
FixPack 6 for DB2 V7 for Linux390.

IBM DB2 Universal Database for HP-UX 7.0:

IBM Hotfix FP6_U481411
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hpv7/FP6_U481411/
FixPack 6 for DB2 V7 for HP-UX 11.x.

IBM Hotfix FP6_U481412
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp64v7/FP6_U481412/
FixPack 6 for DB2 V7 for HP64.

IBM DB2 Universal Database for Solaris 7.0:

IBM Hotfix FP6_U481409
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv7/FP6_U481409/
FixPack 6 for DB2 V7 for Solaris.

IBM Hotfix FP6_U481410
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sun64v7/FP6_U481410/
FixPack 6 for DB2 V7 for Solaris (64-bit).

IBM DB2 Universal Database for Solaris 7.1:

IBM Hotfix FP6_U481409
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv7/FP6_U481409/
FixPack 6 for DB2 V7 for Solaris.

IBM Hotfix FP6_U481410
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sun64v7/FP6_U481410/
FixPack 6 for DB2 V7 for Solaris (64-bit).

IBM DB2 Universal Database for Linux 7.1:

IBM Hotfix FP6_U481413
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv7/FP6_U481413/
FixPack 6 for DB2 V7 for Linux.

IBM APAR FP6_MI00038
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linux390v7/FP6_MI00038/
FixPack 6 for DB2 V7 for Linux390.

IBM DB2 Universal Database for HP-UX 7.1:

IBM Hotfix FP6_U481411
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hpv7/FP6_U481411/
FixPack 6 for DB2 V7 for HP-UX 11.x.

IBM Hotfix FP6_U481412
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp64v7/FP6_U481412/
FixPack 6 for DB2 V7 for HP64.

IBM DB2 Universal Database for AIX 7.1:

IBM Hotfix FP6_U481406
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP6_U481406/
FixPack 6 for DB2 V7 for AIX.

IBM Hotfix FP6_U481407
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix43-64v7/FP6_U481407/
FixPack 6 for DB2 V7 for AIX43-64.

IBM Hotfix FP6_U481408
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix5-64v7/FP6_U481408/
FixPack 6 for DB2 V7 for AIX5-64.

IBM DB2 Universal Database for AIX 7.2:

IBM Hotfix FP6_U481406
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP6_U481406/
FixPack 6 for DB2 V7 for AIX.

IBM Hotfix FP6_U481407
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix43-64v7/FP6_U481407/
FixPack 6 for DB2 V7 for AIX43-64.

IBM Hotfix FP6_U481408
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix5-64v7/FP6_U481408/
FixPack 6 for DB2 V7 for AIX5-64.

IBM DB2 Universal Database for Linux 7.2:

IBM Hotfix FP6_U481413
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linuxv7/FP6_U481413/
FixPack 6 for DB2 V7 for Linux.

IBM APAR FP6_MI00038
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2linux390v7/FP6_MI00038/
FixPack 6 for DB2 V7 for Linux390.

IBM DB2 Universal Database for HP-UX 7.2:

IBM Hotfix FP6_U481411
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hpv7/FP6_U481411/
FixPack 6 for DB2 V7 for HP-UX 11.x.

IBM Hotfix FP6_U481412
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2hp64v7/FP6_U481412/
FixPack 6 for DB2 V7 for HP64.

IBM DB2 Universal Database for Solaris 7.2:

IBM Hotfix FP6_U481409
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sunv7/FP6_U481409/
FixPack 6 for DB2 V7 for Solaris.

IBM Hotfix FP6_U481410
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2sun64v7/FP6_U481410/
FixPack 6 for DB2 V7 for Solaris (64-bit).

This advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.