WebProgrammingTalk

Full Version: IBM DB2 Universal Database Local Privilege Escalation Vulnerabilities
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

sphere

Multiple vulnerabilities have been identified in IBM DB2 Universal Database, which could be exploited by local attackers to gain elevated privileges.

The first issue is caused by an error in the "db2dasrrm" utility that creates the "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" with insecure permissions, which could be exploited by the "dasusr1" user or a local attacker (member of the "db2adm1" group) to gain root privileges via symbolic links.

The second vulnerability is caused by a buffer overflow error in the "db2dasrrm" utility when processing the "DASPROF" environment variable, which could be exploited by local attackers to execute arbitrary code with root privileges.
Good guide Smile where do you find all of them or do you write them yourself?