USERS AFFECTED:
All DB2 UDB systems on all Linux, Unix, and Windows platforms at service levels from Version 9.1 GA through 9.1 FP1 are vulnerable. Users are encouraged to update to 9.1 FP2.
It is possible to bypass DB2 authorization checking. This vulnerability can enable a user who holds SELECT privilege on a table to update or delete the contents of the table, even if they do not hold the required update and/or delete privileges.
APAR information
APAR number : JR25941
Reported component name : DB2 UDB WSE WIN
Reported component ID : 5765F3501
Reported release : 910
Status : CLOSED
PER PE : NoPE
HIPER : YesHIPER
Special Attention : NoSpecatt
Submitted date : 2007-02-12
Closed date : 2007-02-22
Last modified date : 2007-02-22
http://www-1.ibm.com/support/docview.wss?uid=swg1JR25941
“A vulnerability has been identified in IBM DB2 for Linux, which could be exploited by local attackers to bypass security restrictions. This issue is due to errors in various setuid binaries that handle temporary files in an insecure manner, which could allow malicious users to conduct symlink attacks and create or overwrite arbitrary files with the privileges of the user invoking the vulnerable application.”
Users are encouraged to update to DB2 v.9 SP2
More Information Available from:
FrSIRT/ADV-2007-0652
IBM Website IY94817
Today EMC introduced the “EMC CLARiiON CX3-10 UltraScale” networked storage system, a new entry point into its market-leading series of full 4Gb/s storage arrays; the new EMC RecoverPoint/SE software, an entry point for network-based asynchronous replication in mid-tier storage environments; and three solutions to help midsize businesses consolidate, back up, archive and protect their Microsoft SQL Server 2005, Microsoft Exchange 2003 and Oracle RAC 10g environments.
IBM has opened up beta testing of its new Informix database product, code-named Cheetah. The final version is due out later this year. Prior to release, IBM will be working with Novell on a bundled Linux and database solution. The beta can be downloaded from: http://www-306.ibm.com/software/info/ids/cheetah/index.jsp
Donald Ferguson led project development for applications such as WebSphere, Tivoli and Lotus. Ferguson is now a Technical Fellow in Platforms and Strategy at Microsoft, a team being built by Ray Ozzie, who himself came from IBM. Ozzie wrote the Lotus Notes product from the beginning while at IBM and joined Microsoft in June 2006.
In 2006 IBM topped the charts with 3,621 patents. IBM beat its own record and registered more U.S. patents than any other company for the 14th consecutive year. IBM recently announced that it will hold a forum to get small and medium sized business views of the current patent system.