Secunia Security Advisory 15808

Secunia Security Advisory 15808: Posted Jun 25, 2005; Authored by Secunia | Site secunia.com; Secunia Security Advisory - A vulnerability has been reported in IBM DB2 Universal Database, which can be exploited by malicious users to bypass certain security restrictions.; tags | advisory; SHA-256 | 6021c738539f6941c1cf664f74c064df9249f2daf3c8668f9a7e0b4c4ced6047; Download | Favorite | View

Secunia Security Advisory 15808



----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
IBM DB2 Universal Data Authorisation Checking Bypass

SECUNIA ADVISORY ID:
SA15808

VERIFY ADVISORY:
http://secunia.com/advisories/15808/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Privilege escalation

WHERE:
>From local network

SOFTWARE:
DB2 Universal Database 8.x
http://secunia.com/product/857/

DESCRIPTION:
A vulnerability has been reported in IBM DB2 Universal Database,
which can be exploited by malicious users to bypass certain security
restrictions.

The vulnerability is caused due to an unspecified error making to
possible to bypass certain authorisation checks. This can be
exploited by a user with only SELECT permissions on a table to
insert, update, or delete content in that table.

Successful exploitation requires that the user is authenticated and
has SELECT permissions on the table.

SOLUTION:
The vendor has issued FixPaks.

DB2 Universal Database Version 8 FixPak 6c:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24009926

DB2 Universal Database Version 8 FixPak 7b:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24009931

DB2 Universal Database Version 8 FixPak 8a:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24009930

DB2 Universal Database Version 8 FixPak 9a:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24009929

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21209727
http://www-1.ibm.com/support/docview.wss?uid=swg1IY73104

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Secunia Security Advisory 15808

Secunia Security Advisory 15808

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Secunia Security Advisory 15808

Share This

Secunia Security Advisory 15808

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems