Spotlight | Reviews | Current Issue | Academy | Newsletter | Subscribe | Shop |
Departments

Partner Links
Make your own website
WinWeb OnlineOffice
Comparing prices of hardware is worth it.
Price Comparison
UK Linux Jobs
What:
Where:
Country:
vacatures Netherlands njobs Linux vacatures
arbeit Deutschland njobs Linux arbeit
work United Kingdom njobs Linux jobs
Lavoro Italia njobs Linux lavoro
Emploi France njobs Linux emploi
trabajo Espana njobs Linux trabajo

user friendly

Admin Magazine

ADMIN Network & Security

Subscribe now and save!

ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:

  • network security
  • system management
  • troubleshooting
  • performance tuning
  • virtualization
  • cloud computing

 

on Windows, Linux, Solaris, and popular varieties of Unix.

http://www.admin-magazine.com/

  linux-magazine.com » Online » News » Security Issues with IBM DB2 Database  

Print this page. Recommend
Share

Security Issues with IBM DB2 Database

iDenfense security service reports six vulnerabilities in IBM's DB2 database.

The issues were discovered in versions 8 and 9 of IBM's DB2 database solution. The CVE IDs CVE-2007-4276, CVE-2007-4275, CVE-2007-4273, CVE-2007-4272, CVE-2007-4271 and CVE-2007-4270 have been assigned. The first vulnerability triggers a buffer overflow in the database when an attacker specifies a specially crafted string via certain environment variable (issue 4276). The attacker could gain the ability to execute arbitrary code. The second vulnerability (4275) gives attackers the ability to load or run their own binaries when entering a search key.

Another critical error (issue 4273) is cased by vulnerable setuid binaries in DB2. An attacker creating specially crafted symbolic links on the system could trick the system into following the links when creating new directories thus opening the system up to the attacker who would possess full write privileges for the new directories.

The remaining vulnerabilities are all related to faulty file and directory management and could allow attackers to gain root privileges. Details on all vulnerabilities are available from idefense. IBM has responded by releasing fixes to patch the vulnerabilities in both versions of the database (Fix for Version 8, Fix for Version 8).

(Jan Rähm)

Comments


Print this page. Recommend
Share
Related Articles
IBM Emerges in Amazon's Cloud
Oxygen Office 2.3.1 Removes Vulnerability
Apache Closes Down Vulnerabilities
LinuxCon Presentations Available Online
IBM with Growth in Third Quarter 2007
DoS Vulnerability in Asterisk
Wherever you go...

...Linux Magazine goes with you!

Check out the advantages of a Digital Subscription:

  • Access articles by downloading PDFs,
  • find the Linux solutions you need with an easy keyword search,
  • maintain your own paperless archive...

more...