IBM DB2 for Linux Temporary File Creation Vulnerability

“A vulnerability has been identified in IBM DB2 for Linux, which could be exploited by local attackers to bypass security restrictions. This issue is due to errors in various setuid binaries that handle temporary files in an insecure manner, which could allow malicious users to conduct symlink attacks and create or overwrite arbitrary files with the privileges of the user invoking the vulnerable application.”

Users are encouraged to update to DB2 v.9 SP2

More Information Available from:
FrSIRT/ADV-2007-0652
IBM Website IY94817

Posted February 20, 2007 | Filed under DBA News, IBM [permalink]

Leave a Reply

You must be logged in to post a comment.


News Categories

Tutorials and Docs

Sponsors

Syndicate DBA Place

Search

Archives

September 2010
M T W T F S S
« Jan    
 12345
6789101112
13141516171819
20212223242526
27282930  

Sponsors

26 queries. 0.461 seconds