DB2 Universal Database Multiple Vulnerabilities

October 6, 2004

[From Secunia]

Multiple vulnerabilities have been reported in DB2 Universal Database, where some of the vulnerabilities can be exploited to compromise a vulnerable system.

1) Improper permissions for the "everyone" group on Windows systems makes it possible to access certain DB2 resources, which should not be possible.

2) An input validation error within the DB2 security service can be exploited to crash it by sending specially crafted data.

3) An access control error makes it possible for users to signal the DB2 UDB instance to shut down.


The article continues at http://secunia.com/advisories/12733/