IBM Patches DB2 Flaws
David Utter Staff Writer
2008-02-08
A couple of dodgy issues with IBM's DB2 Universal Database required attention from security engineers to thwart potential problems.
Users of the IBM DB2 product faced two flaws: a local privilege escalation, and a service crash or arbitrary code execution.
Under one scenario reported by iDefense Labs, a local attacker could take advantage of the way the db2pd binary loads a library. Result: the local attacker gains root privileges.
The second iDefense scenario presented an attacker with a chance to either crash the DB2 service remotely, or to execute arbitrary code.
"The attacker only needs the ability to establish a TCP session with the DAS on TCP port 523," said iDefense. DB2 on the Windows and Linux platforms contained the vulnerability.
Fortunately, IBM handled the problems with their Fix Packs, available for download from their support site. Fix Packs for Version 8 and Version 9 mitigate the issues.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.