IBM DB2 Remote Command Server Privilege Escalation Vulnerability

IBM DB2 Remote Command Server is prone to a vulnerability that may permit authenticated users to gain administrative access to the underlying database. This is because when the server accepts commands from legitimate users, it spawns another process with elevated privileges to execute the commands. In this manner, a user may execute arbitrary commands with the privileges of the db2admin account.

This issue is only known to exist on Windows platforms, though conflicting reports seem to indicate that it may also affect DB2 releases for other platforms.


 

Copyright 2010, SecurityFocus