CVE-2008-0699

Severity

90%

Complexity

80%

Confidentiality

165%

Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.

Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.

CVSS 2.0 Base Score 9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C).

Overview

Type

IBM DB2

First reported 17 years ago

2008-02-12 01:00:00

Last updated 6 years ago

2018-11-01 15:01:00

Affected Software

IBM DB2 8.2 Fixpack 1

8.2

IBM DB2 8.2 Fixpack 10

8.2

IBM DB2 8.2 Fixpack 11

8.2

IBM DB2 8.2 Fixpack 12

8.2

IBM DB2 8.2 Fixpack 13

8.2

IBM DB2 8.2 Fixpack 14

8.2

IBM DB2 8.2 Fixpack 15

8.2

IBM DB2 8.2 Fixpack 16

8.2

IBM DB2 8.2 Fixpack 2

8.2

IBM DB2 8.2 Fixpack 3

8.2

IBM DB2 8.2 Fixpack 4

8.2

IBM DB2 8.2 Fixpack 5

8.2

IBM DB2 8.2 Fixpack 6

8.2

IBM DB2 8.2 Fixpack 7

8.2

IBM DB2 8.2 Fixpack 8

8.2

IBM DB2 8.2 Fixpack 9

8.2

IBM DB2 9.1

9.1

IBM DB2 9.1 Fixpack 1

9.1

IBM DB2 9.1 Fixpack 2

9.1

IBM DB2 9.1 Fixpack 2a

9.1

IBM DB2 9.1 Fixpack 3

9.1

IBM DB2 9.1 Fixpack 3a

9.1

IBM DB2 9.1 Fixpack 4

9.1

IBM DB2 9.5

9.5

References

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

Vendor Advisory

41795

Broken Link

28771

Third Party Advisory

29022

Third Party Advisory

29784

Third Party Advisory

http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml

Third Party Advisory

20080418 Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures

Third Party Advisory, VDB Entry

ADV-2008-0401

Third Party Advisory

IZ06972

Patch, Vendor Advisory

IZ06973

Patch, Vendor Advisory

IZ10917

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.