Secunia Security Advisory - Two vulnerabilities have been reported in IBM DB2, which can be exploited by malicious, local users to perform certain actions with escalated privileges or gain escalated privileges.
283d95504a46921fe577783b216e067e3d94f2712b9696a599612ff62db2dcff
----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
15 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
IBM DB2 db2dasrrm File Creation and Privilege Escalation
Vulnerabilities
SECUNIA ADVISORY ID:
SA29784
VERIFY ADVISORY:
http://secunia.com/advisories/29784/
CRITICAL:
Less critical
IMPACT:
Manipulation of data, Privilege escalation
WHERE:
Local system
SOFTWARE:
DB2 Universal Database 8.x
http://secunia.com/product/857/
IBM DB2 for Linux UNIX and Windows 9.x
http://secunia.com/product/13504/
DESCRIPTION:
Two vulnerabilities have been reported in IBM DB2, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges or gain escalated privileges.
1) A boundary error within the set-uid root db2dasrrm program can be
exploited to cause a stack-based buffer overflow by setting the
DASPROF environment variable to a specially crafted, overly long
string.
Successful exploitation allows execution of arbitrary code with root
privileges.
2) The "dasRecoveryIndex", "dasRecoveryIndex.tmp",
".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" files are
created insecurely when the db2dasrrm program is started. This can be
exploited via symlink attacks to overwrite arbitrary files with root
privileges.
Successful exploitation requires access to an account that is allowed
to start and stop the DB2 Administration Server (e.g. "dasusr1" or the
"db2adm1" group).
The vulnerabilities are reported in version 9.1 (Fix Pack 4 and Fix
Pack 3) on Linux. Other versions may also be affected.
SOLUTION:
Update to the latest versions.
Version 8 FixPak 16:
http://www-1.ibm.com/support/docview.wss?uid=swg21256235
Version 9.1 Fix Pack 4a:
http://www-1.ibm.com/support/docview.wss?uid=swg21255572
Version 9.5 Fix Pack 1:
http://www-1.ibm.com/support/docview.wss?uid=swg21287889
PROVIDED AND/OR DISCOVERED BY:
1) Discovered by an anonymous person and reported via iDefense Labs.
2) Joshua J. Drake, iDefense Labs.
ORIGINAL ADVISORY:
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=689
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=688
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------