CVE-2007-4423 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2 Universal Database

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2_universal_database:8.0:::::::*
	cpe:2.3:a:ibm:db2_universal_database:9.0:::::::*
	cpe:2.3:a:ibm:db2_universal_database:9.1::fp2:::::

No data.

References

Link	Providers
http://secunia.com/advisories/26471
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ01828
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml
http://www.attrition.org/pipermail/vim/2007-August/001765.html
http://www.securityfocus.com/archive/1/478313/100/0/threaded
http://www.securityfocus.com/bid/25339
http://www.securitytracker.com/id?1018640
http://www.vupen.com/english/advisories/2007/2912
https://exchange.xforce.ibmcloud.com/vulnerabilities/36065
https://exchange.xforce.ibmcloud.com/vulnerabilities/36111

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-18T21:00:00

Updated: 2024-08-07T14:53:55.940Z

Reserved: 2007-08-18T00:00:00

Link: CVE-2007-4423

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-18T21:17:00.000

Modified: 2024-11-21T00:35:33.737

Link: CVE-2007-4423

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "IZ01828", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ01828"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"name": "db2-authlistgroups-dos(36111)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36111"}, {"name": "20070818 Recent DB2 Vulnerabilities", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"name": "ADV-2007-2912", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"name": "db2-authlistgroupsforauthid-dos(36065)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36065"}, {"tags": ["x_refsource_MISC"], "url": "http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml"}, {"name": "25339", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25339"}, {"name": "26471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26471"}, {"name": "1018640", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018640"}, {"name": "20070831 Team SHATTER Advisory: IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/478313/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4423", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IZ01828", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ01828"}, {"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"name": "db2-authlistgroups-dos(36111)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36111"}, {"name": "20070818 Recent DB2 Vulnerabilities", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"name": "ADV-2007-2912", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"name": "db2-authlistgroupsforauthid-dos(36065)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36065"}, {"name": "http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml", "refsource": "MISC", "url": "http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml"}, {"name": "25339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25339"}, {"name": "26471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26471"}, {"name": "1018640", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018640"}, {"name": "20070831 Team SHATTER Advisory: IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/478313/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:55.940Z"}, "title": "CVE Program Container", "references": [{"name": "IZ01828", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ01828"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"name": "db2-authlistgroups-dos(36111)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36111"}, {"name": "20070818 Recent DB2 Vulnerabilities", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"name": "ADV-2007-2912", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"name": "db2-authlistgroupsforauthid-dos(36065)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36065"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml"}, {"name": "25339", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25339"}, {"name": "26471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26471"}, {"name": "1018640", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018640"}, {"name": "20070831 Team SHATTER Advisory: IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/478313/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4423", "datePublished": "2007-08-18T21:00:00", "dateReserved": "2007-08-18T00:00:00", "dateUpdated": "2024-08-07T14:53:55.940Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_universal_database:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "06038A2B-9391-48D8-92DF-073B27017C41", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FA904BE-8369-469F-B70F-191745B5FA0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.1:*:fp2:*:*:*:*:*", "matchCriteriaId": "0D6B01CA-EE69-4A03-8C4B-F6D31447F4B6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n AUTH_LIST_GROUPS_FOR_AUTHID en IBM DB2 UDB versi\u00f3n 9.1 anterior a Fixpak 3, permite a atacantes causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario por medio de un argumento largo."}], "id": "CVE-2007-4423", "lastModified": "2024-11-21T00:35:33.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-18T21:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26471"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ01828"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"source": "cve@mitre.org", "url": "http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/478313/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25339"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018640"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36065"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ01828"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/478313/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36065"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36111"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}