IBM DB2 10.1 Gain Unauthorised Privileges Vulnerability
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root.
The information has been provided by IBM
The original article can be found at:
When a DB2 instance is created a “fenced” user is specified to run external stored procedures/user defined functions. Db2 could allow malicious user with access to the Db2 instance owner account to leverage a fenced execution process to execute arbitrary code as root. This vulnerability exists even if fenced stored procedures are not used.
IBM DB2 9.7 FP11
IBM DB2 9.7
IBM DB2 184.108.40.206 iFix001
IBM DB2 11.1
IBM DB2 10.5 FP10
IBM DB2 10.5
IBM DB2 10.1 FP6
IBM DB2 10.1