VID | 25058 |
Severity | 30 |
Port | 523 |
Protocol | TCP |
Class | DB2 |
Detailed Description |
According to its version, the IBM DB2 UDB server has multiple local privilege escalation vulnerabilities. IBM DB2 Universal Database (UDB) versions prior to 9 FixPak 2 are affected by multiple local privilege escalation vulnerabilities caused by buffer overflows. A local attacker could exploit these vulnerabilities to crash the affected database or to execute arbitrary code on the host with root privileges. In addition, the installed version could allow a local attacker to access directories without proper authorization.
* References:
  http://www-1.ibm.com/support/docview.wss?uid=swg21255745
  http://www-1.ibm.com/support/docview.wss?uid=swg21255747
  http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711
  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=480
  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481
  http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0521.html
  http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0523.html
* Platforms Affected:
  IBM DB2 UDB version 8.1 prior to fixpack 15
  IBM DB2 Unix versions prior to 9 fixpack 2
  Microsoft Windows Any version
  Sun Microsystems, Inc., Solaris SPARC and x86
  Hewlett-Packard Company, HP-UX 11i
  Linux Any version
  IBM AIX 4.0 and 5L |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (9 FixPak 2 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?uid=swg1IY94833 |
Related URL | CVE-2007-1086, CVE-2007-1087, CVE-2007-1088 (CVE) |
Related URL | 22677, 22729 (SecurityFocus) |
Related URL | 32650, 32651, 32652 (ISS) |