DB2 db2govd, db2start and db2stop Privilege Escalation Vulnerabilities

November 10, 2003

[From Secunia]

Some vulnerabilities have been reported in DB2, which can be exploited by malicious users to escalate their privileges.

The problem is that certain command line arguments aren't properly verified. This can be exploited by supplying overly long, specially crafted strings and string containing format specifiers, which may allow execution of arbitrary code with escalated privileges.

The article continues at http://www.secunia.com/advisories/10173/