Privilege escalation in IBM DB2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-1544 CVE-2018-1565 CVE-2018-1488 CVE-2018-1515 CVE-2018-1459 |
| CWE-ID | CWE-120 CWE-121 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
IBM DB2 Server applications / Database software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU13002
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-1544
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe weakness exists due to buffer overflow in db2exmig and db2exfm. A local attacker can trigger memory corruption and escalate privileges to the DB2 instance owner to execute arbitrary code with root privileges.
Mitigation
Install update from vendor's website.
IBM DB2: 9.7.0.0 - 11.1.0.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_db2:9.7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_db2:10.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_db2:10.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_db2:11.1.0.0:*:*:*:*:*:*:*
https://www-01.ibm.com/support/docview.wss?uid=swg22016143
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU13003
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-1565
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe weakness exists due to buffer overflow in db2exmig and db2exfm. A local attacker can trigger memory corruption and escalate privileges to the DB2 instance owner to execute arbitrary code with root privileges.
Mitigation
Install update from vendor's website.
IBM DB2: 9.7.0.0 - 11.1.0.0
CPE2.3https://www-01.ibm.com/support/docview.wss?uid=swg22016143
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU13004
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-1488
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe weakness exists due to buffer overflow in db2licm. A local attacker can trigger memory corruption and escalate privileges to the DB2 instance owner to execute arbitrary code with root privileges.
Mitigation
Install update from vendor's website.
IBM DB2: 10.5.0.0 - 11.1.0.0
CPE2.3https://www-01.ibm.com/support/docview.wss?uid=swg22016141
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU13005
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-1515
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe weakness exists due to buffer overflow in db2convert. A local attacker can trigger memory corruption and escalate privileges to the DB2 instance owner to execute arbitrary code with root privileges.
Mitigation
Install update from vendor's website.
IBM DB2: 10.5.0.0 - 11.1.0.0
CPE2.3https://www-01.ibm.com/support/docview.wss?uid=swg22016140
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU13006
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Clear]
CVE-ID: CVE-2018-1459
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe weakness exists due to stack based buffer overflow in Db2's rah.exe. A local attacker can trigger memory corruption and escalate privileges to the DB2 instance owner to execute arbitrary code with root privileges.
Mitigation
Install update from vendor's website.
IBM DB2: 10.5.0.0 - 11.1.0.0
CPE2.3https://www-01.ibm.com/support/docview.wss?uid=swg22016142
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
