Some vulnerabilities have been reported in DB2, which can be exploited by malicious users to escalate their privileges.
The problem is that certain command line arguments aren't properly verified. This can be exploited by supplying overly long, specially crafted strings or strings containing format specifiers, which may allow execution of arbitrary code with escalated privileges.
The vulnerabilities have been reported in versions 7.0 and 8.1.
Solution: IBM has issued FixPak 4 for DB2 version 8.1.
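Both flaw classes described above (overly long arguments and arguments containing format specifiers) are avoided by bounding every copy and never using an argument as a format string. The following C code is an added example, not IBM's code or part of the original advisory; `copy_arg`, `format_arg_message` and `ARG_MAX_LEN` are hypothetical names, and the 64-byte limit is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define ARG_MAX_LEN 64  /* assumed limit for this example */

/* Copy one command-line argument into a fixed buffer.
 * Returns 0 on success, -1 if the argument is missing or does not fit.
 * Rejects instead of truncating, so an oversized argument never reaches
 * later code in a shortened form. */
int copy_arg(char *dst, size_t dst_size, const char *arg)
{
    if (arg == NULL || dst == NULL || dst_size == 0)
        return -1;
    size_t len = 0;
    while (len < dst_size && arg[len] != '\0')  /* never scans past dst_size */
        len++;
    if (len >= dst_size)                        /* no room for the NUL */
        return -1;
    memcpy(dst, arg, len + 1);                  /* includes the NUL */
    return 0;
}

/* Build a diagnostic message that contains the argument.
 * The argument is data for a constant "%s" format and is never the format
 * string itself, so "%n" or "%x" inside it stay literal text.
 * Returns the message length, or -1 if it did not fit in out. */
int format_arg_message(char *out, size_t out_size, const char *arg)
{
    int n = snprintf(out, out_size, "invalid argument: %s", arg);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return n;
}

int main(int argc, char **argv)
{
    char name[ARG_MAX_LEN];
    char msg[ARG_MAX_LEN + 32];

    if (argc < 2 || copy_arg(name, sizeof name, argv[1]) != 0) {
        fputs("usage: prog <name> (name missing or too long)\n", stderr);
        return 1;
    }
    if (format_arg_message(msg, sizeof msg, name) < 0)
        return 1;
    puts(msg);
    return 0;
}
```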
Subject: DB2 db2govd, db2start and db2stop Privilege Escalation Vulnerabilities