fkie_nvd - fkie_cve-2007-1087

fkie_cve-2007-1087

Vulnerability from fkie_nvd

Published

2007-02-23 22:28

Modified

2025-04-09 00:30

Severity ?

Summary

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481	Broken Link
cve@mitre.org	http://osvdb.org/40970	Broken Link
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg21255747	Patch, Vendor Advisory
cve@mitre.org	http://www.attrition.org/pipermail/vim/2007-August/001765.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/22677	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32651	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/40970	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg21255747	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.attrition.org/pipermail/vim/2007-August/001765.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22677	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32651	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	db2	8.0
ibm	db2	8.0
ibm	db2	8.0
ibm	db2	8.0
ibm	db2	8.0
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1.4
ibm	db2	8.1.5
ibm	db2	8.1.6
ibm	db2	8.1.6c
ibm	db2	8.1.7
ibm	db2	8.1.7b
ibm	db2	8.1.8
ibm	db2	8.1.8a
ibm	db2	8.1.9
ibm	db2	8.1.9a
ibm	db2	9.1
ibm	db2	9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1FC760-D058-4DE6-80B3-F3AA22757A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*",
              "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*",
              "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*",
              "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*",
              "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8190EC6B-BA0D-498D-8ECB-2E37D8742A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*",
              "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*",
              "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "05154E69-63D7-4F51-89F5-1199A3E6E074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B729909-4377-4472-94C4-432CD89BCF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC320999-569A-48AA-92B7-CDE8394BBC39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA7BA56-F167-4236-A725-B2F38D6B0D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97F5666-4502-437D-AA81-8C0488CD73B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDB5A77-3D2C-4142-9448-1542D9C99A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FFAAAD6-56E0-48FE-8D9E-13BD13D6A776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C77B11-C53E-49E7-9C49-2C574390B609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF6FFCD-E744-4D45-8BDD-32ADC94AD655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4837F6EC-4E0D-480B-8DF4-BD0DA49394A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "IBM DB2 8.x anterior a 8.1 FixPak 15 y 9.1 anterior a Fix Pack 2 no finaliza adecuadamente ciertas cadenas de entrada, lo cual permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de variables de entorno no especificadas que disparan un desbordamiento de b\u00fafer basado en pila."
    }
  ],
  "id": "CVE-2007-1087",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-23T22:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/40970"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/22677"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/40970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/22677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32651"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-1087 (GCVE-0-2007-1087)

Vulnerability from cvelistv5

Published

2007-02-23 22:00