“A vulnerability has been identified in IBM DB2 for Linux, which could be exploited by local attackers to bypass security restrictions. This issue is due to errors in various setuid binaries that handle temporary files in an insecure manner, which could allow malicious users to conduct symlink attacks and create or overwrite arbitrary files with the privileges of the user invoking the vulnerable application.”
Users are encouraged to update to DB2 v.9 SP2
More Information Available from:
FrSIRT/ADV-2007-0652
IBM Website IY94817
You must be logged in to post a comment.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jan | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
26 queries. 0.140 seconds
