CVE-2004-0795

IBM DB2 Universal Database 8.1 - Local Privilege Escalation via DB2REMOTECMD Named Pipe

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0795. PoCs published by MC, including Metasploit module auxiliary/admin/db2/db2rcmd.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in IBM DB2's Remote Command Server (CVE-2004-0795) by sending arbitrary commands to the DB2REMOTECMD named pipe, potentially leading to administrator privileges. It requires authentication and leverages SMB for communication.

Description

DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.

Exploits (1)

metasploit WORKING POC

by MC · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/db2/db2rcmd.rb

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in IBM DB2's Remote Command Server (CVE-2004-0795) by sending arbitrary commands to the DB2REMOTECMD named pipe, potentially leading to administrator privileges. It requires authentication and leverages SMB for communication.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM DB2 Universal Database 8.1

Auth required

Prerequisites: Valid SMB credentials (username/password) · Access to the DB2REMOTECMD named pipe

MITRE ATT&CK