CVE-2003-1051

Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
http://www.securityfocus.com/archive/1/343804	Vendor Advisory
http://www.securityfocus.com/bid/8989	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13633
http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
http://www.securityfocus.com/archive/1/343804	Vendor Advisory
http://www.securityfocus.com/bid/8989	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13633

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:46

Type	Values Removed	Values Added
References	~~() http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt -~~	() http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt -
References	~~() http://www.securityfocus.com/archive/1/343804 - Vendor Advisory~~	() http://www.securityfocus.com/archive/1/343804 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/8989 - Exploit, Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/8989 - Exploit, Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 -

Information

Published : 2004-09-28 04:00

Updated : 2024-11-20 23:46

NVD link : CVE-2003-1051

Mitre link : CVE-2003-1051

CVE.ORG link : CVE-2003-1051

JSON object : View

Products Affected

ibm

db2

CWE

NVD-CWE-Other

{"id": "CVE-2003-1051", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-09-28T04:00:00.000", "references": [{"url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/343804", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/8989", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633", "source": "cve@mitre.org"}, {"url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/343804", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/8989", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cadena de formato en IBM Universal Database 8.1 puede permitir a usuarios locales ejecutar c\u00f3digo arbitrario mediante ciertos argumentos de l\u00ednea de comando a (1) db2start, (2) db2stop, or (3) db2govd."}], "lastModified": "2024-11-20T23:46:14.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFF280E6-CF00-4B71-B58A-2087D339C665"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}