DB2 Vulnerability Lets Hackers Gain Control

Core Security says it has been working with IBM to develop a patch for the problem.

The vulnerability affects two setuid binaries, db2licm and db2dart, which run with elevated privileges on behalf of regular, unprivileged users.

Both utilities are vulnerable to a buffer overflow that allows a local attacker to execute arbitrary code on the vulnerable system with privileges of the root user.

For more information, see Core Security Web site, and for patch information, see the IBM Web site.

This story courtesy of Internetweek.