Re: IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004)

To: "NGSSoftware Insight Security Research" <nisr@xxxxxxxxxxxxx>
Subject: Re: IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004)
From: Marc Bejarano <bugtraq@xxxxxxxx>
Date: Tue, 09 Mar 2004 15:41:21 -0400
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>, <NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx>, <vulnwatch@xxxxxxxxxxxxx>
In-reply-to: <003a01c405e2$be578110$653214ac@GLADIUS>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <003a01c405e2$be578110$653214ac@GLADIUS>

At 10:28 3/9/2004, NGSSoftware Insight Security Research wrote:

NGSSoftware Insight Security Research Advisory

Name: IBM DB2 Remote Command Execution Privilege Upgrade
Systems Affected: DB2 8.1 Enterprise Edition on Windows

Fix Information
***************
IDM have included a fix for this problem in Fixpak 5 -http://www-306.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/v8fphist.d2w/report.The APAR for this specific issue is IY53894 -http://www-306.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/aparlib.d2w/display_apar_details?aparno=IY53894.


those docs suggest that this affects ALL platforms, not just windows.

marc

References:
- IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004)
  - From: NGSSoftware Insight Security Research

Prev by Date: Establishing contact with Nullsoft
Next by Date: Format string bug in EpicGames Unreal engine
Previous by thread: IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004)
Next by thread: Invision Power Board v1.3 Final Cross Site Scripting 2 - Addon
Index(es):
- Date
- Thread