Database administration for fun and profit

Security Bulletin: DB2 Escalation of Privilege Vulnerability

A vulnerability has been found in the Tivoli Monitoring Agent (ITMA) that ships with DB2 9.5 and 9.7. It allows a local user to run arbitrary code with elevated (root) privileges.

If you are using ITMA, take note of how to apply the workaround: http://www.ibm.com/support/docview.wss?uid=swg21576372&myns=swgimgmt&mynp=OCSSEPGG&mync=E

Apparently, the Response File Generator utility, db2rspgn, is also affected: http://osvdb.org/show/osvdb/76456
