安華金和攻防實(shí)驗(yàn)室再傳重要消息:繼連續(xù)挖到數(shù)個(gè)informix�����、DB2國際數(shù)據(jù)庫數(shù)據(jù)庫漏洞����,近期又拿下4個(gè)IBM DB2數(shù)據(jù)庫漏洞����,獲得CVE認(rèn)證,并得到IBM確認(rèn)��。其中�����,3個(gè)高危漏洞和1個(gè)中危漏洞�����。3個(gè)高危漏洞屬于權(quán)限提升漏洞,可以使權(quán)限從普通數(shù)據(jù)庫用戶提升到操作系統(tǒng)最高權(quán)限��。
目前��,IBM官方已經(jīng)給出受影響產(chǎn)品版本和補(bǔ)救措施��,請(qǐng)根據(jù)以下分享的漏洞詳情鏈接����,做出及時(shí)應(yīng)對(duì)。漏洞列表如下:
CVEID: CVE-2018-1780 高危
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148803 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-1781 高危
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148804 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-1834 高危
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150511 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-1799 中危
DESCRIPTION: IBM DB2 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149429 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
近兩年����,安華金和在國際數(shù)據(jù)庫漏洞挖掘領(lǐng)域展現(xiàn)出深厚功底,釋放出穩(wěn)健而強(qiáng)有力的攻防研究能力���。數(shù)據(jù)庫漏洞挖掘哪家強(qiáng)���?安華金和就不謙虛了,畢竟這是安全行業(yè)為國爭光的大好消息��,不斷證明國內(nèi)安全攻防研究的水平提升����。
了解更多
DBSec Labs
安華金和數(shù)據(jù)庫攻防實(shí)驗(yàn)室(DBSec Labs)自2010年11月立以來,專注安全攻防技術(shù)研究及漏洞挖掘工作,是我國一支獨(dú)立的��、持久的針對(duì)數(shù)據(jù)庫安全漏洞���、數(shù)據(jù)庫攻擊技術(shù)模擬和數(shù)據(jù)庫安全防護(hù)技術(shù)進(jìn)行研究的專業(yè)隊(duì)伍�。國家信息安全漏洞庫(CNNVD)2017年發(fā)布的最新一批技術(shù)支撐合作計(jì)劃成員名單����,安華金和被正式授予CNNVD技術(shù)支撐單位。實(shí)驗(yàn)室始終秉承著“以攻促防”的技術(shù)理念�,將研究成果融入到安華金和的數(shù)據(jù)庫安全產(chǎn)品系列中��。不斷挖掘出國際數(shù)據(jù)庫漏洞也見證了安華金和在國內(nèi)數(shù)據(jù)庫安全領(lǐng)域的技術(shù)研究實(shí)力���。
DB2
IBM公司開發(fā)的一套關(guān)系型數(shù)據(jù)庫管理系統(tǒng)主要應(yīng)用于大型應(yīng)用系統(tǒng)�����,具有較好的可伸縮性�����,可支持從大型機(jī)到單用戶環(huán)境����,應(yīng)用于所有常見的服務(wù)器操作系統(tǒng)平臺(tái)下。憑借著良好的并發(fā)性���、穩(wěn)定性�����、擴(kuò)展性�����,DB2受到各行各業(yè)的青睞����,尤其廣泛應(yīng)用于金融行業(yè)�, 漏洞的存在可能導(dǎo)致關(guān)鍵業(yè)務(wù)系統(tǒng)的數(shù)據(jù)庫安全風(fēng)險(xiǎn),請(qǐng)相關(guān)用戶及時(shí)檢查并更新版本����。
CVE
國際著名的安全漏洞庫,也是對(duì)已知漏洞和安全缺陷的標(biāo)準(zhǔn)化名稱的列表���,它是一個(gè)由企業(yè)界����、政府界和學(xué)術(shù)界綜合參與的國際性組織,采取一種非盈利的組織形式�����,其使命是為了能更加快速而有效地鑒別��、發(fā)現(xiàn)和修復(fù)軟件產(chǎn)品的安全漏洞�����。
產(chǎn)品咨詢:4000 258 365 
