IBM DB2 Universal Database Local Privilege Escalation Vulnerability

June 24, 2005

[From FrSIRT]

A vulnerability was identified in IBM DB2 Universal Database, which could be exploited by local attackers to obtain elevated privileges. This flaw is due to an error when verifying the privilege level of users, which could be exploited by malicious users, with "SELECT" privilege, to insert, update or delete the contents of certain tables, even if they do not hold the required insert, update and/or delete privileges.

The article continues at http://www.frsirt.com/english/advisories/2005/0876