IBM Support

IZ03546: SECURITY: LOCAL ROOT EXPLOITS DB2PD VULNERABILITY


APAR status

  • Closed as program error.

Error description

  • Local exploitation of a design error in db2pd could allow an
    attacker to elevate privileges to root when running the db2pd
    tool.
    
    This problem was reported to IBM by an anonymous researcher
    working with the iDefense Vulnerability Contributor Program
    (VCP) and Joshua J. Drake of iDefense Labs.
    
    This APAR addresses the issues described by CVE-2007-5757 at
    cve.mitre.org.
    

Local fix

Problem summary

  • See problem description
    

Problem conclusion

  • APAR first fixed in DB2 version 8.1 fixpak 16
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ03546

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    820

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-08-22

  • Closed date

    2008-02-29

  • Last modified date

    2008-03-06

  • APAR is sysrouted FROM one or more of the following:

    IZ03073

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R810 PSY

       UP



Document information

More support for: DB2 for Linux, UNIX and Windows

Software version: 820

Reference #: IZ03546

Modified date: 06 March 2008

