• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

IBM DB2 db2ckpw Buffer Overflow Vulnerability

IBM DB2 includes the utility 'db2ckpw' as part of it's authentication system. By default, db2ckpw is installed setuid root.

An exploitable buffer overflow vulnerability exists in db2ckpw. It is possible to trigger the condition by supplying a username value greater than 8 characters in length. Exploitation of this vulnerability may allow for local attackers to gain root privileges.