月兔网络编程学习
安华金和数据库攻防实验室再次发现4个IBM DB2数据库漏洞
2018-12-3 月兔



安华金和攻防实验室再传重要消息:继连续挖到数个informix、DB2国际数据库数据库漏洞,近期又拿下4个IBM DB2数据库漏洞,获得CVE认证,并得到IBM确认。其中,3个高危漏洞和1个中危漏洞。3个高危漏洞属于权限提升漏洞,可以使权限从普通数据库用户提升到操作系统最高权限。



目前,IBM官方已经给出受影响产品版本和补救措施,请根据以下分享的漏洞详情链接,做出及时应对。漏洞列表如下:



CVEID: CVE-2018-1780 高危



DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access.



CVSS Base Score: 7.8



CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148803 for the current score



CVSS Environmental Score*: Undefined



CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)



1.jpg




CVEID: CVE-2018-1781 高危



DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access.



CVSS Base Score: 8.4



CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148804 for the current score



CVSS Environmental Score*: Undefined



CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)



CVEID: CVE-2018-1834 高危



DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack.



CVSS Base Score: 7.4



CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150511 for the current score



CVSS Environmental Score*: Undefined



CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)



CVEID: CVE-2018-1799 中危



DESCRIPTION: IBM DB2 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database.



CVSS Base Score: 6.2



CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149429 for the current score



CVSS Environmental Score*: Undefined



CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)



近两年,安华金和在国际数据库漏洞挖掘领域展现出深厚功底,释放出稳健而强有力的攻防研究能力。数据库漏洞挖掘哪家强?安华金和就不谦虚了,毕竟这是安全行业为国争光的大好消息,不断证明国内安全攻防研究的水平提升。



2.jpg







本文由月兔信息安全转载游侠安全网

发表评论:
昵称

邮件地址 (选填)

个人主页 (选填)

内容