Privilege escalation in IBM DB2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-1566 CVE-2018-1487 CVE-2018-1458 |
| CWE-ID | CWE-264 CWE-427 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
IBM DB2 Server applications / Database software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU13610
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-1566
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a flaw on systems that invoke the tool with elevated privileges. A local attacker can trigger a format string flaw in the 'db2support' tool and execute arbitrary ode with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
IBM DB2: 9.7.0.0 - 11.1.0.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_db2:9.7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_db2:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_db2:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_db2:11.1.0.0:*:*:*:*:*:*:*
https://www-01.ibm.com/support/docview.wss?uid=swg22016182
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insecure DLL loading
EUVDB-ID: #VU13611
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-1487
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to untrusted path flaw in DB2 when loading libraries. A local attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
IBM DB2: 9.7.0.0 - 11.1.0.0
CPE2.3https://www-01.ibm.com/support/docview.wss?uid=swg22016505
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insecure DLL loading
EUVDB-ID: #VU13612
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-1458
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to untrusted search path flaw in the DB2 Administration Server (DAS) component. A local attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
IBM DB2: 9.7.0.0 - 11.1.0.0
CPE2.3https://www-01.ibm.com/support/docview.wss?uid=swg22016624
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
