IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability

IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability

IBM DB2 Universal Database Server is prone to a local privilege-escalation vulnerability because of how the application contructs library paths.

Exploiting this issue allows local attackers to gain root privileges. Note that an attacker must be able to execute the set-uid root 'db2pd' binary to exploit this issue.

DB2 Universal Database Server 9.1 FixPack 2 on Linux systems is vulnerable. Other versions, including those for other UNIX platforms, are suspected to be vulnerable.

NOTE: This vulnerability was previously disclosed in BID 27596 'IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities'. Due to more information, it has been assigned its own record.