SecurityTracker.com
Category:   Application (Database)  >   IBM DB2
Vendors:   IBM
IBM DB2 Database Automated Maintenance Bug Lets Remote Authenticated Users Obtain Files on the Target System
SecurityTracker Alert ID:  1032881
SecurityTracker URL:  http://securitytracker.com/id/1032881
CVE Reference:   CVE-2015-1883
Date:  Jul 14 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.5, 9.7, 9.8, 10.1, 10.5
Description:   A vulnerability was reported in IBM DB2. A remote authenticated user can obtain files on the target system.

A remote authenticated user with elevated privileges can modify an automated maintenance policy stored procedure to view arbitrary files with the privileges of the DB2 process.

Igor Kopylenko of McAfee reported this vulnerability.

Impact:   A remote authenticated user with elevated privileges can obtain files on the target system with the privileges of the database process.
Solution:   The vendor has issued a fix.

For 9.7: APAR IT08086
For 9.8: APAR IT08085
For 10.1: 10.1 FP5, APAR IT08080
For 10.5: APAR IT08075

The vendor's advisory is available at:

https://www-304.ibm.com/support/docview.wss?uid=swg21698308

Vendor URL:  www-304.ibm.com/support/docview.wss?uid=swg21698308
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 28 2015 (IBM Issues Fix for IBM InfoSphere BigInsights) IBM DB2 Database Automated Maintenance Bug Lets Remote Authenticated Users Obtain Files on the Target System
IBM has issued a fix for IBM InfoSphere BigInsights.




Copyright 2019, SecurityGlobal.net LLC