漏洞类别:Database
漏洞等级: 
漏洞信息
IBM DB2 is vulnerable to a privilege escalation due to loading libraries from insecure locations.
A local user could place a malicious library in a location that a SETGID or SETUID binary would execute and gain root level access.
Affected Versions:-
IBM DB2 9.7
IBM DB2 10.1
IBM DB2 10.5
IBM DB2 11.1.1
漏洞危害
A vulnerability in IBM DB2 could allow a local user to gain elevated privilege.
解决方案
Please refer to the following link swg21990061 for more details. Workaround:
The following remediation instructions will remove the vulnerability without side-effects. The user executing the commands must be root and the instructions must be repeated for each DB2 instance and in the DB2 install directory.
The following example will use /home/db2inst1/sqllib as the DB2 instance install directory. You should replace the sample directory with your DB2 instance install directory. Repeat the procedure with the DB2 install directory which is under /opt/ibm/db2/(db2_release_name) or /opt/IBM/db2/(db2_release_name), depending on the platform.
The following will fix the install component that exists at the DB2 client and server.
cd /home/db2inst1/sqllib
bin/db2chglibpath -s '\.:' -r ' adm/db2iclean
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论