一个神奇的记录学习网络安全及编程的网站(づ ̄3 ̄)づ╭❤~
  • 首页
  • 信息安全
  • 安华金和数据库攻防实验室再次发现4个IBM DB2数据库漏洞

作者:月兔2018-12-3 17:14分类: 信息安全 标签: 游侠安全网 安华金和 月兔信息安全

安华金和攻防实验室再传重要消息:继连续挖到数个informix、DB2国际数据库数据库漏洞,近期又拿下4个IBM DB2数据库漏洞,获得CVE认证,并得到IBM确认。其中,3个高危漏洞和1个中危漏洞。3个高危漏洞属于权限提升漏洞,可以使权限从普通数据库用户提升到操作系统最高权限。

目前,IBM官方已经给出受影响产品版本和补救措施,请根据以下分享的漏洞详情链接,做出及时应对。漏洞列表如下:

CVEID: CVE-2018-1780 高危

DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access.

CVSS Base Score: 7.8

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148803 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

1.jpg

CVEID: CVE-2018-1781 高危

DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access.

CVSS Base Score: 8.4

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148804 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1834 高危

DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack.

CVSS Base Score: 7.4

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150511 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1799 中危

DESCRIPTION: IBM DB2 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database.

CVSS Base Score: 6.2

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149429 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

近两年,安华金和在国际数据库漏洞挖掘领域展现出深厚功底,释放出稳健而强有力的攻防研究能力。数据库漏洞挖掘哪家强?安华金和就不谦虚了,毕竟这是安全行业为国争光的大好消息,不断证明国内安全攻防研究的水平提升。

2.jpg


本文由月兔信息安全转载游侠安全网

温馨提示如有转载或引用以上内容之必要,敬请将本文链接作为出处标注,谢谢合作!

已有 0/432 人参与

发表评论:

欢迎使用手机扫描关注本站公众号,获取最新网络安全信息哦o(* ̄︶ ̄*)o