IBM DB2 'DT_RPATH' Insecure Library Loading Code Execution Vulnerabilities Network Vulnerability

Summary

The host is running IBM DB2 and is prone to insecure library loading vulnerabilities.

Impact

Successful exploitation allows local unauthenticated users to gain elevated privileges and execute arbitrary code with root privileges. Impact Level: Application.

Solution

Upgrade to version 9.7 Fix Pack 6, 10.1 Fix Pack 1, or higher, http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053

Insight

The flaws are due to an error in 'db2rspgn' and 'kbbacf1', which allow users to gain privileges via a Trojan horse libkbb.so in the current working directory.

Affected

IBM DB2 version 9.7

References

http://www.nth-dimension.org.uk/downloads.php?id=77
http://www.nth-dimension.org.uk/downloads.php?id=83
http://www.securityfocus.com/archive/1/518659

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4061
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

MySQL Unspecified vulnerabilities-05 July-2013 (Windows)
Oracle MySQL Multiple Unspecified vulnerabilities-04 Oct14 (Windows)
IBM DB2 'DT_RPATH' Insecure Library Loading Code Execution Vulnerabilities
IBM DB2 db2pd Denial Of Service Vulnerability (Win)
IBM DB2 SYSIBMADM Multiple Vulnerabilities (Sep10)

Take action and discover your vulnerabilities