Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Database)  >   IBM DB2 Vendors:   IBM
IBM DB2 Multiple Bugs Let Local Users Gain Root Privileges
SecurityTracker Alert ID:  1018581
SecurityTracker URL:
CVE Reference:   CVE-2007-4270, CVE-2007-4271, CVE-2007-4272, CVE-2007-4273, CVE-2007-4275, CVE-2007-4276   (Links to External Site)
Date:  Aug 17 2007
Impact:   Execution of arbitrary code via local system, Modification of system information, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): V9 prior to Fix Pack 3, V8 prior to FixPak 15
Description:   Several vulnerabilities were reported in IBM DB2. A local user can obtain elevated privileges on the target system.

A local user can create a symbolic link (symlink) from a critical file on the system to files used by DB2 after DB2 has checked to see if a symlink exists and before the symlinked file is processed to modify arbitrary files with root privileges [CVE-2007-4270].

A local user can modify a certain environment variable to trigger a directory traversal flaw and cause some DB2 binaries to create arbitrary files on the target system [CVE-2007-4271].

A local user can set certain combinations of environment variables to cause some DB2 binaries to create arbitrary files on the target system or append to arbitrary files [CVE-2007-4272].

A local user can cause certain DB2 binaries to create world-writable directories [CVE-2007-4273].

A local user can exploit search path vulnerabilities to cause DB2 to load an alternate binary or library [CVE-2007-4275].

A local user can set an environment variable to a specially crafted value to trigger a stack overflow and execute arbitrary code [CVE-2007-4276].

The vendor was notified on March 22 and 23, 2007.

The original advisories are available at:

Impact:   A local user can obtain root privileges on the target system.
Solution:   The vendor has issued fixed versions (V9 Fix Pack 3 and version V8 FixPak 15).

The IBM advisories are available at:

Vendor URL: (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC