---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: IBM DB2 Multiple Vulnerabilities and Security Issue SECUNIA ADVISORY ID: SA27667 VERIFY ADVISORY: http://secunia.com/advisories/27667/ CRITICAL: Moderately critical IMPACT: Unknown, Privilege escalation WHERE: >From remote SOFTWARE: IBM DB2 for Linux UNIX and Windows 9.x http://secunia.com/product/13504/ DESCRIPTION: Some vulnerabilities and a security issue have been reported in IBM DB2, some of which have unknown impacts, and the other can be exploited by malicious, local users to gain escalated privileges or perform certain actions with escalated privileges. 1) Unspecified errors exist in DB2WATCH, DB2FREEZE, and within several setuid binaries. No further information is available. 2) The DB2DART tool executes the "TPUT" command and allows a user to execute commands as the DB2 instance owner. 3) Other errors in the "OPERATING SYSTEM SERVICES" component (e.g. incorrect permissions on ACLs for DB2NODES.CFG) have also been reported. No further information is available. SOLUTION: Apply Fixpak 4. http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21255572 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IZ03646, IZ03655, IZ05461, IZ07018, JR26989: http://www-1.ibm.com/support/docview.wss?uid=swg21255607 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------