iDefense Security Advisory 04.09.08 - Local exploitation of a buffer overflow vulnerability in the db2dasrrm program, as included with IBM Corp.'s DB2 Universal Database, allows attackers to elevate privileges to root. This vulnerability exists due to insufficient validation of the length of the attacker-supplied "DASPROF" environment variable contents. By setting the variable to a specially crafted string, an attacker can cause a buffer overflow when the string is copied into a static-sized buffer stored on the stack. By overflowing the buffer, the attacker can overwrite execution control structures stored on the stack and execute arbitrary code. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 with Fix Pack 4 installed on a Linux system. Versions for other supported UNIX-like systems should also be considered vulnerable. All previously released versions are suspected vulnerable.
ed9da4601a3c01c8aa3d7ab4328a633cd6c16d5f038c559df222bd6ac326093f