DefenseCode Security Advisory IBM DB2 Command Line Processor Buffer Overflow Advisory ID: DC-2017-04-002 Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL: http://ift.tt/2td06vo Software: IBM DB2 Version: V9.7, V10.1, V10.5 and V11.1 on all platforms Vendor Status: Vendor Contacted / Fixed (CVE-2017-1297) Release Date: 26.06.2017 Risk: High 1. General Overview =================== IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) Command Line Process (CLP) is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long procedure name inside a CALL statement. 2. Software Overview =================== DB2 is a database product from IBM. It is a Relational Database Management System. DB2 is designed to store, analyze and retrieve the data efficiently. DB2 currently supports Linux, UNIX and Windows platforms. db2bp is a persistent background process for the DB2 Command Line Processor, and it is the process which actually connects to the database. 3. Brief Vulnerability Description ================================== By providing a specially crafted command file to the db2 CLP utility, it is possible to cause a buffer overflow and possibly hijack the execution flow of the program. Crafted file contains a CALL statement with an overly long procedure parameter. 3.1 Proof of Concept The following python script will generate a proof of concept .sql crash test file that can be used to verify the vulnerability:
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment