CVE-2013-3475 - OpenCVE

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2 Db2 Connect Smart Analytics System 7600

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2:9.1:::::::*
	cpe:2.3:a:ibm:db2:9.5:::::::*
	cpe:2.3:a:ibm:db2:9.7:::::::*
	cpe:2.3:a:ibm:db2:9.8:::::::*
	cpe:2.3:a:ibm:db2:10.1:::::::*
	cpe:2.3:a:ibm:db2_connect:9.1:::::::*
	cpe:2.3:a:ibm:db2_connect:9.5:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7:::::::*
	cpe:2.3:a:ibm:db2_connect:9.8:::::::*
	cpe:2.3:a:ibm:db2_connect:10.1:::::::*
	cpe:2.3:h:ibm:smart_analytics_system_7600:-:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/52663
http://secunia.com/advisories/53704
http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463
http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495
http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496
http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498
http://www-01.ibm.com/support/docview.wss?uid=swg21639194
http://www-01.ibm.com/support/docview.wss?uid=swg21639355
http://www.securityfocus.com/bid/60255
https://exchange.xforce.ibmcloud.com/vulnerabilities/84358

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2013-06-05T01:00:00

Updated: 2024-08-06T16:07:38.129Z

Reserved: 2013-05-07T00:00:00

Link: CVE-2013-3475

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-06-05T03:43:48.050

Modified: 2018-09-25T10:29:00.590

Link: CVE-2013-3475

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-25T09:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "IC92495", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495"}, {"name": "IC92496", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496"}, {"name": "IC92463", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463"}, {"name": "ibm-db2-cve20133475-bo(84358)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358"}, {"name": "53704", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53704"}, {"name": "60255", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/60255"}, {"name": "IC92498", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355"}, {"name": "52663", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52663"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3475", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IC92495", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495"}, {"name": "IC92496", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496"}, {"name": "IC92463", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463"}, {"name": "ibm-db2-cve20133475-bo(84358)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358"}, {"name": "53704", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53704"}, {"name": "60255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60255"}, {"name": "IC92498", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355"}, {"name": "52663", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52663"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:07:38.129Z"}, "title": "CVE Program Container", "references": [{"name": "IC92495", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495"}, {"name": "IC92496", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496"}, {"name": "IC92463", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463"}, {"name": "ibm-db2-cve20133475-bo(84358)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358"}, {"name": "53704", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/53704"}, {"name": "60255", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/60255"}, {"name": "IC92498", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355"}, {"name": "52663", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52663"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-3475", "datePublished": "2013-06-05T01:00:00", "dateReserved": "2013-05-07T00:00:00", "dateUpdated": "2024-08-06T16:07:38.129Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B28091A-8772-41DC-9D91-D5359CDDA7A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BA7EE47-766E-4AA5-BD74-152EDBC1E17F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CDD816C-7070-4118-845E-6205FE130A02", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "A174260C-45A3-4DE3-8B2C-82416196FFF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:smart_analytics_system_7600:-:*:*:*:*:*:*:*", "matchCriteriaId": "077FE845-5F92-4656-A8E9-A68FD73C9901", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en db2aud en Audit Facility de IBM DB2 y DB2 Connect v9.1, v9.5, v9.7, v9.8 y v10.1, como se utiliza en Smart System Analytics 7600 y otros productos, permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados."}], "evaluatorComment": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21639355\r\n\r\n'The following IBM DB2 and DB2 Connect V9.1, V9.5, V9.7 and V10.1 editions running on AIX, Linux, HP and Solaris (this vulnerability is not applicable to DB2 on Windows.).'", "id": "CVE-2013-3475", "lastModified": "2018-09-25T10:29:00.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-05T03:43:48.050", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52663"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/53704"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/60255"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}