Incorrect authorization checks in DB2 allow a user with SELECT access to update and delete

USERS AFFECTED:
All DB2 UDB systems on all Linux, Unix, and Windows platforms at service levels from Version 9.1 GA through 9.1 FP1 are vulnerable. Users are encouraged to update to 9.1 FP2.

It is possible to bypass DB2 authorization checking. This vulnerability can enable a user who holds SELECT privilege on a table to update or delete the contents of the table, even if they do not hold the required update and/or delete privileges.
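To scope exposure on an affected instance, the catalog query below lists grantees that hold SELECT on a table without also holding both UPDATE and DELETE. It is an added example, not part of the IBM APAR text. It assumes the standard SYSCAT.TABAUTH catalog view and treats schemas beginning with SYS as system schemas; it does not resolve group membership, column-level grants in SYSCAT.COLAUTH, or database-level authorities such as DBADM.

```sql
-- Added example: grantees who are meant to be read-only (or read-mostly)
-- on a table. On 9.1 GA through 9.1 FP1 these are the principals whose
-- intended restrictions the advisory says may not be enforced.
--
-- SYSCAT.TABAUTH holds one row per (grantor, grantee, table), so privileges
-- are aggregated per grantee and table before being compared.
-- Privilege columns contain 'Y' (held), 'G' (held and grantable), or 'N'.
SELECT t.GRANTEE,
       t.GRANTEETYPE,                       -- 'U' = user, 'G' = group (PUBLIC is a group)
       t.TABSCHEMA,
       t.TABNAME,
       MAX(CASE WHEN t.UPDATEAUTH IN ('Y', 'G') THEN 'Y' ELSE 'N' END) AS HAS_UPDATE,
       MAX(CASE WHEN t.DELETEAUTH IN ('Y', 'G') THEN 'Y' ELSE 'N' END) AS HAS_DELETE
FROM   SYSCAT.TABAUTH t
WHERE  t.TABSCHEMA NOT LIKE 'SYS%'          -- assumption: skip system catalog schemas
GROUP  BY t.GRANTEE, t.GRANTEETYPE, t.TABSCHEMA, t.TABNAME
HAVING MAX(CASE WHEN t.SELECTAUTH IN ('Y', 'G') THEN 1 ELSE 0 END) = 1
       -- CONTROL implies every table privilege, so those grantees are not read-only
   AND MAX(CASE WHEN t.CONTROLAUTH = 'Y' THEN 1 ELSE 0 END) = 0
   AND (   MAX(CASE WHEN t.UPDATEAUTH IN ('Y', 'G') THEN 1 ELSE 0 END) = 0
        OR MAX(CASE WHEN t.DELETEAUTH IN ('Y', 'G') THEN 1 ELSE 0 END) = 0)
ORDER  BY t.TABSCHEMA, t.TABNAME, t.GRANTEE;
```

Rows with GRANTEE = 'PUBLIC' deserve the closest look, since they apply to every user who can connect to the database.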

APAR information
APAR number : JR25941
Reported component name : DB2 UDB WSE WIN
Reported component ID : 5765F3501
Reported release : 910
Status : CLOSED
PER PE : NoPE
HIPER : YesHIPER
Special Attention : NoSpecatt
Submitted date : 2007-02-12
Closed date : 2007-02-22
Last modified date : 2007-02-22

http://www-1.ibm.com/support/docview.wss?uid=swg1JR25941

Posted February 26, 2007 | Filed under DBA News, IBM
