Summary
The host is running IBM DB2 and is prone to insecure library loading vulnerabilities.
Impact
Successful exploitation allows local unauthenticated users to gain elevated privileges and execute arbitrary code with root privileges.
Impact Level: Application.
Solution
Upgrade to version 9.7 Fix Pack 6, 10.1 Fix Pack 1, or higher: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaws are due to an error in 'db2rspgn' and 'kbbacf1', which allows users to gain privileges via a Trojan horse libkbb.so placed in the current working directory.
Affected
IBM DB2 version 9.7
Severity
Classification
CVE: CVE-2011-4061
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C