USERS AFFECTED:
All DB2 UDB systems on all Linux, Unix, and Windows platforms at service levels from Version 9.1 GA through 9.1 FP1 are vulnerable. Users are encouraged to update to 9.1 FP2.
It is possible to bypass DB2 authorization checking. This vulnerability can enable a user who holds SELECT privilege on a table to update or delete the contents of the table, even if they do not hold the required update and/or delete privileges.
APAR information
APAR number : JR25941
Reported component name : DB2 UDB WSE WIN
Reported component ID : 5765F3501
Reported release : 910
Status : CLOSED
PER PE : NoPE
HIPER : YesHIPER
Special Attention : NoSpecatt
Submitted date : 2007-02-12
Closed date : 2007-02-22
Last modified date : 2007-02-22
http://www-1.ibm.com/support/docview.wss?uid=swg1JR25941
“A vulnerability has been identified in IBM DB2 for Linux, which could be exploited by local attackers to bypass security restrictions. This issue is due to errors in various setuid binaries that handle temporary files in an insecure manner, which could allow malicious users to conduct symlink attacks and create or overwrite arbitrary files with the privileges of the user invoking the vulnerable application.”
Users are encouraged to update to DB2 v.9 SP2.
More Information Available from:
FrSIRT/ADV-2007-0652
IBM Website IY94817
Today EMC introduced the “EMC CLARiiON CX3-10 UltraScale” networked storage system, a new entry point into its market-leading series of full 4Gb/s storage arrays; the new EMC RecoverPoint/SE software, an entry point for network-based asynchronous replication in mid-tier storage environments; and three solutions to help midsize businesses consolidate, back up, archive and protect their Microsoft SQL Server 2005, Microsoft Exchange 2003 and Oracle RAC 10g environments.
Microsoft released Service Pack 2 for SQL Server 2005. New features include analysis business intelligence for Microsoft Office 2007, limited data mining viewers with local mining models and general performance-related improvements.
According to a recent data sheet from Microsoft, the new Mobile Phone and PDA software Windows Mobile 6 will include Ajax and .Net support with SQL Server Compact Edition installed by default in the ROM image.
DBA Place will be migrating user authentication from a locally managed system to a platform that will allow our users to access multiple external websites, including hundreds of our own existing websites, with a single login. We have created www.oidd.net to manage authentication for our network. Please sign up for a free OpenID server account at oidd.net as soon as possible. You’ll continue to be able to use your DBA Place login, but will have the extra option of associating your free OpenID account at oidd.net with it. Over the next two weeks you’ll notice both an OpenID login and our standard login box; within a month, however, the OpenID login box will be the only one to remain. Please email admin at oidd dot net if you have any trouble.