ZDI-10-218
Oct 19, 2010

IBM DB2 install_jar Arbitrary File Upload Remote Code Execution Vulnerability

2010-10-19 00:00:00
Anonymous
www.zerodayinitiative.com

EPSS: 0.005 (Low), percentile 77.0%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is required in that a user must have the ability to connect to the database. The specific flaw exists within the install_jar procedure. The install_jar procedure contains a directory traversal vulnerability that will allow the attacker to upload a Jar file to a directory outside of the intended "\function\jar\Name_of_logged_user" directory. A remote attacker can abuse this to execute arbitrary code under the context of the current user.
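The class of check whose absence the advisory describes, as an added example (not IBM's code and not the vendor's fix): a destination is accepted only if, after normalisation, it stays inside the per-user jar directory. The install root is a placeholder and the function names are hypothetical; only the `\function\jar\<user>` layout comes from the advisory.

```python
import ntpath
import re

# Placeholder install root: the advisory gives only the relative layout
# "\function\jar\Name_of_logged_user", so the prefix here is an assumption.
JAR_ROOT = r"C:\DB2_INSTALL_PLACEHOLDER\function\jar"

# Allowlist for a single path component: no separators, no drive or stream
# colon, no leading dot, and no trailing dot (Windows strips those silently).
_COMPONENT = re.compile(r"[A-Za-z0-9_](?:[A-Za-z0-9_.-]{0,126}[A-Za-z0-9_-])?")


class UnsafeJarPath(ValueError):
    """Raised when a requested jar location is rejected."""


def is_contained(base: str, candidate: str) -> bool:
    """True if candidate, after normalisation, is strictly below base."""
    base_n = ntpath.normpath(base)
    cand_n = ntpath.normpath(candidate)
    try:
        common = ntpath.commonpath([base_n, cand_n])
    except ValueError:  # different drives, or relative vs absolute
        return False
    # Component-wise comparison: a plain startswith() would accept the
    # sibling directory "...\jar\alice2" for base "...\jar\alice".
    return common == base_n and ntpath.normcase(cand_n) != ntpath.normcase(base_n)


def resolve_jar_path(user: str, jar_name: str, root: str = JAR_ROOT) -> str:
    """Build root\\user\\jar_name.jar, refusing anything that escapes it."""
    for label, value in (("user", user), ("jar name", jar_name)):
        if not _COMPONENT.fullmatch(value):
            raise UnsafeJarPath(f"illegal {label}: {value!r}")
    base = ntpath.join(root, user)
    dest = ntpath.join(base, jar_name + ".jar")
    if not is_contained(base, dest):  # second layer behind the allowlist
        raise UnsafeJarPath(f"{dest!r} is outside {base!r}")
    return ntpath.normpath(dest)
```

`ntpath` is used so the Windows path semantics are the same on any host. The allowlist and the containment check are independent layers, so a gap in one does not by itself allow a write outside the user's directory.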
