fkie_cve-2019-4154
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/109024 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158519 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880737 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109024 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158519 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880737 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | db2 | 9.7.0.0 | |
| ibm | db2 | 9.7.0.1 | |
| ibm | db2 | 9.7.0.2 | |
| ibm | db2 | 9.7.0.3 | |
| ibm | db2 | 9.7.0.4 | |
| ibm | db2 | 9.7.0.5 | |
| ibm | db2 | 9.7.0.6 | |
| ibm | db2 | 9.7.0.7 | |
| ibm | db2 | 9.7.0.8 | |
| ibm | db2 | 9.7.0.9 | |
| ibm | db2 | 9.7.0.10 | |
| ibm | db2 | 9.7.0.11 | |
| ibm | db2 | 10.1.0.0 | |
| ibm | db2 | 10.1.0.1 | |
| ibm | db2 | 10.1.0.2 | |
| ibm | db2 | 10.1.0.3 | |
| ibm | db2 | 10.1.0.4 | |
| ibm | db2 | 10.1.0.5 | |
| ibm | db2 | 10.1.0.6 | |
| ibm | db2 | 10.5.0.0 | |
| ibm | db2 | 10.5.0.1 | |
| ibm | db2 | 10.5.0.2 | |
| ibm | db2 | 10.5.0.3 | |
| ibm | db2 | 10.5.0.4 | |
| ibm | db2 | 10.5.0.5 | |
| ibm | db2 | 10.5.0.6 | |
| ibm | db2 | 10.5.0.7 | |
| ibm | db2 | 10.5.0.8 | |
| ibm | db2 | 10.5.0.9 | |
| ibm | db2 | 10.5.0.10 | |
| ibm | db2 | 11.1.0.0 | |
| ibm | db2 | 11.1.1.1 | |
| ibm | db2 | 11.1.2.2 | |
| ibm | db2 | 11.1.3.3 | |
| ibm | db2 | 11.1.4.4 | |
| hp | hp-ux | - | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| oracle | solaris | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "37B04412-3F3F-4918-A1DE-C99AF2EE9605", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8A8E221-7045-4BAD-9B29-ABBC5216559D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", matchCriteriaId: "2513D42C-E558-4CC7-88D3-BB44F1B40157", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6F441BE8-AEC0-44F0-875E-03C65A45CF68", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", matchCriteriaId: "036E9715-CFAA-4F2A-B432-181EDCA3D812", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", matchCriteriaId: "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B539123F-B8AC-4051-9458-A780C68E9667", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D3958E50-1F97-4C06-AF22-C635FB2557A0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", matchCriteriaId: "57AC4D14-805A-42F6-9348-D13C9A48136F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", matchCriteriaId: "0B54C55B-9288-4E04-B0D6-6765E5217DFE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", matchCriteriaId: "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FA4086-9B5D-4352-B717-3F826DE17D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7ABB145C-44EE-47F5-9439-DE6433F8008E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0F138E08-6808-4371-9E9C-096B01126B1C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "813AE6CA-39B5-448C-8781-F2C3B499160A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "E19D90B2-0B71-498B-8428-B27950E1D2A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1C577979-79CC-4DE2-8433-64595190A5E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4B27E1F7-888C-40EE-85FF-B5DC099828C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "57DCF076-B475-41E6-B1ED-44FBC99238C2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "1D276299-D403-4C41-ACBF-A23383CB3FD6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5830263A-6970-43B8-BF08-2886327004A6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3AA78533-899B-4482-97A7-7E2730C18C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*", matchCriteriaId: "5EB95E38-7A78-4798-B0E2-814DAE1153A8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*", matchCriteriaId: "1B95F778-8E2B-4A6D-BA3B-254F87B492BE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8E17D042-0EE4-4F81-8E39-D8730D792BCE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "62B40593-EA0D-4134-BBA0-35DA70D3C6B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "177780EE-76F9-41D9-83C9-48C5DFCF8702", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "3E38BC34-066B-4B4D-929F-4E5C6BCB1442", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "23910ECC-960A-44DF-BA8D-C1553D088EAF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.", }, { lang: "es", value: "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.1 es vulnerable a un desbordamiento de búfer, lo que podría permitir que un atacante local autenticado ejecute código arbitrario en el sistema como root. IBM X-Force ID: 158519.", }, ], id: "CVE-2019-4154", lastModified: "2024-11-21T04:43:15.033", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-01T15:15:12.227", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109024", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10880737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158519", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10880737", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.