TITLE:
IBM DB2 UDB Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA28771

VERIFY ADVISORY:
http://secunia.com/advisories/28771/

CRITICAL:
Moderately critical

IMPACT:
Unknown, Security Bypass, Privilege escalation, DoS

WHERE:
From remote

SOFTWARE:
DB2 Universal Database 8.x
http://secunia.com/product/857/

DESCRIPTION:
Multiple vulnerabilities have been reported in IBM DB2 UDB, where
some have unknown impacts, while others can be exploited by
malicious, local users to gain escalated privileges, and by malicious
people to bypass certain security restrictions or to cause a DoS
(Denial of Service).

1) An unspecified error within the DB2PD tool can be exploited to
gain root privileges.

2) A boundary error within the DAS server can be exploited to cause
a buffer overflow or trigger an invalid memory access.

3) An unspecified vulnerability exists within the
SYSPROC.ADMIN_SP_C routine. No further information is available.

4) An unspecified vulnerability when executing "ALTER TABLE"
statements can be exploited to bypass certain access restrictions.

The vulnerabilities are reported in versions prior to 8.2 Fixpak 16.

SOLUTION:
Restrict local and network access to trusted users only.

Apply Fixpak 16 when available.
http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21256235

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT