---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 15 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: IBM DB2 db2dasrrm File Creation and Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA29784 VERIFY ADVISORY: http://secunia.com/advisories/29784/ CRITICAL: Less critical IMPACT: Manipulation of data, Privilege escalation WHERE: Local system SOFTWARE: DB2 Universal Database 8.x http://secunia.com/product/857/ IBM DB2 for Linux UNIX and Windows 9.x http://secunia.com/product/13504/ DESCRIPTION: Two vulnerabilities have been reported in IBM DB2, which can be exploited by malicious, local users to perform certain actions with escalated privileges or gain escalated privileges. 1) A boundary error within the set-uid root db2dasrrm program can be exploited to cause a stack-based buffer overflow by setting the DASPROF environment variable to a specially crafted, overly long string. Successful exploitation allows execution of arbitrary code with root privileges. 2) The "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" files are created insecurely when the db2dasrrm program is started. This can be exploited via symlink attacks to overwrite arbitrary files with root privileges. Successful exploitation requires access to an account that is allowed to start and stop the DB2 Administration Server (e.g. "dasusr1" or the "db2adm1" group). The vulnerabilities are reported in version 9.1 (Fix Pack 4 and Fix Pack 3) on Linux. Other versions may also be affected. SOLUTION: Update to the latest versions. Version 8 FixPak 16: http://www-1.ibm.com/support/docview.wss?uid=swg21256235 Version 9.1 Fix Pack 4a: http://www-1.ibm.com/support/docview.wss?uid=swg21255572 Version 9.5 Fix Pack 1: http://www-1.ibm.com/support/docview.wss?uid=swg21287889 PROVIDED AND/OR DISCOVERED BY: 1) Discovered by an anonymous person and reported via iDefense Labs. 2) Joshua J. Drake, iDefense Labs. ORIGINAL ADVISORY: iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=689 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=688 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------