WebProgrammingTalk Database DB2
IBM DB2 Universal Database Local Privilege Escalation Vulnerabilities Hello There, Guest! (LoginRegister)
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
IBM DB2 Universal Database Local Privilege Escalation Vulnerabilities
05-09-2008, 07:28 AM,
#1
IBM DB2 Universal Database Local Privilege Escalation Vulnerabilities
Multiple vulnerabilities have been identified in IBM DB2 Universal Database, which could be exploited by local attackers to gain elevated privileges.

The first issue is caused by an error in the "db2dasrrm" utility that creates the "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" with insecure permissions, which could be exploited by the "dasusr1" user or a local attacker (member of the "db2adm1" group) to gain root privileges via symbolic links.

The second vulnerability is caused by a buffer overflow error in the "db2dasrrm" utility when processing the "DASPROF" environment variable, which could be exploited by local attackers to execute arbitrary code with root privileges.
Reply
12-04-2010, 12:15 AM,
#2
Re: IBM DB2 Universal Database Local Privilege Escalation Vulnerabilities
Good guide Smile where do you find all of them or do you write them yourself?
Ihost4you.com
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
Contact Us | WebProgrammingTalk | Return to Top | | Lite (Archive) Mode | RSS Syndication