IBM posts fix for DB2 Linux security flaw
C-Net | Sept 17, 2003 | Martin LaMonica
Posted on 09/18/2003 5:24:29 AM PDT by Golden Eagle
By Martin LaMonica
Staff Writer, CNET News.com
A security flaw in Linux editions of IBM's DB2 database could allow unauthorized users to seize control of a database's contents, Big Blue has revealed.
IBM said that the problem affects version 7 of its DB2 database for Linux. The company posted a patch, called FixPak 10a, on its Web site. IBM also is expected to update its usual DB2 version 7 technical support page with the latest fix.
The flaw was uncovered by Boston security company Core Security Technologies, which alerted IBM. Core Security Technologies plans to issue an alert on the vulnerability Thursday.
Engineers at the security company said the vulnerability, which could allow a person to get "root" privileges to a DB2 database, is simple to exploit. A company employee, for example, with only limited database access rights could trick the system into giving him or her access to the entire data store.
"This flaw is serious because it allows somebody to get control of a system...DB2 is a database, and we assume there is sensitive information in the database," said Paul Paget, CEO of Core Security Technologies.
The vulnerability allows a hacker to launch a "buffer overflow" attack by sending a long command to a file in the DB2 database, which dictates access privileges, according to Core Security Technologies. With a buffer overflow, hackers can take control of a system and implant unwanted programs.
TOPICS: Business/Economy; Crime/Corruption; News/Current Events
KEYWORDS: ibm; linux; lowqualitycrap
A security flaw in Linux editions of IBM's DB2 database could allow unauthorized users to seize control of a database's contents...the vulnerability, which could allow a person to get "root" privileges to a DB2 database, is simple to exploit.
Sounds pretty serious. I thought these kind of problems only happened to M$?
To: rdb3; Coral Snake; Nick Danger; Liberal Classic; Salo; TechJunkYard; justlurking; The Red Zone; ...
Interesting...
To: Golden Eagle
Then you should read more. Thanks for the heads-up. BTW, it sounds like an app problem, not an OS problem.
Sounds pretty serious. I thought these kind of problems only happened to M$?
3 posted on 09/18/2003 6:53:38 AM PDT by Salo (Are you a man, or a mouse-user?)
To: Golden Eagle
Thanks for posting this. You may have saved my bacon. Installing now.
4 posted on 09/18/2003 7:39:13 AM PDT by Physicist
To: Physicist
You may have saved my bacon
"Nothing is so exhilarating as to be shot at without result."
- Winston Churchill
:^)
5 posted on 09/18/2003 7:48:39 AM PDT by general_re (SURGEON GENERAL'S WARNING: Quitting Sarcasm Now Greatly Reduces Serious Risks To Your Health.)
To: Salo
Sorry, I guess I forgot the '/sarcasm' in my post. ;-)
To: Physicist
Very welcome. You can never be too careful anymore.
To: Golden Eagle
You have to have access to the system to exploit it. It's not vulnerable to script kiddies on the internet.
8 posted on 09/18/2003 10:14:05 AM PDT by dljordan
To: dljordan
To: Golden Eagle
Linux is solid, it is DB2 that...oh....nevermind. The Linux crowd is like the Clintoon supporters; they always have an excuse why a Linux problem is different.
10 posted on 09/18/2003 10:29:06 AM PDT by PatrioticAmerican (Read Travis McGee's Book! www.EnemiesForeignAndDomestic.com)
To: Golden Eagle
It's still better than the output of your fascist, FUDing, pump 'n' dumping, paperhanging HEROES:
In addition to these rather obvious transactions, we also know that a venture capital firm in which a Mr. William Gates is a significant investor has quietly passed the 5% ownership level in SCO, triggering a report to the SEC to that effect. These SCO shares were not purchased in the market, but in the form of private placements of newly-issued shares direct from SCO.
From billparish.com, Second Microsoft Financial Fraud Pyramid Report:
This includes claiming a tax deduction of $22 billion for wages for this same two-year period. These wages were printed up as new stock certificates on a photo copy machine in the accounting office and passed out to employees who later cashed them in at their brokerage company.
CSBITAIALMAO!!!
It is simply AMAZING that we are still considering THIS legal business practices. We've got a couple more ENRONS in the making here.
11 posted on 09/18/2003 12:26:47 PM PDT by Coral Snake (Biting commies, crooks, globalist traitors, islamofascists and any other type of Anti American)
To: Golden Eagle
And by the way Just look at that MONKEY DANCING IDIOT aside one of the worst combover-toupee jobs since former congressman Trafficant.
He holds the CEO SEAT at your favorite company, another ENRON in the making.
12 posted on 09/18/2003 12:38:58 PM PDT by Coral Snake (Biting commies, crooks, globalist traitors, islamofascists and any other type of Anti American)
To: PatrioticAmerican
Linux Windows is solid, it is DB2 Outlook / IE / MS-SQL that...oh....nevermind. Get the difference yet?
To: TechJunkYard
Thought you would be offline today because of the hurricane. Glad to see that you are with us ;-).
14 posted on 09/18/2003 2:58:26 PM PDT by Coral Snake (Biting commies, crooks, globalist traitors, islamofascists and any other type of Anti American)
To: TechJunkYard
Also thank you for the pics. They came from one of your posts on our last "over 600" post flame war when I was on the WRONG SIDE in this mess.
15 posted on 09/18/2003 3:01:39 PM PDT by Coral Snake (Biting commies, crooks, globalist traitors, islamofascists and any other type of Anti American)
To: Coral Snake
We just got some rain out of it. Wind speed up to about 26 MPH or so. The rain just barely crossed I-77.
To: Coral Snake
Yeah, I've noticed you recycling those pix quite a bit. ;-)
To: TechJunkYard
Basically I'm just trying to show my former pals Bush2000, Golden Eagle and TheEngineer that their own heroes' paperhanging (over issuing of their own company stock using LEXMARK MACHINES) is probably even WORSE for the American economy than the assumed damage they attribute to Linux. I think those particular pics help out in this because the Darl McBride one really brings out the evil in him and the Microsoft one brings out both the evil and idiocy of their own top management. (Just look at that idiot smile on the both of them. It makes them look like they are on crack or 'shrooms.) You and the rest of the Linux crowd here should really take a look at billparish.com. Even though a lot of the material is dated what he has to say about Microsoft stock issuance practices and the effect they have on other companies trying to emulate them makes for a really explosive expose of the basic dishonesty of this company. This past record of dishonesty clearly shows that Microsoft IS a company that could be behind SCO's frivolous lawsuit and that SCO in actuality is simply a sock puppet for them.
18 posted on 09/18/2003 3:46:02 PM PDT by Coral Snake (Biting commies, crooks, globalist traitors, islamofascists and any other type of Anti American)
To: Coral Snake
What do those pics have to do with this thread other than prove you are obsessed with M$? Just because Gates and your cheap novel conspiracy dominate your mind completely is no reason to post them on every computer related thread. Got anything original, or pertinent to this thread? Thought not.
To: Coral Snake
I'm just trying to show my former pals Bush2000, Golden Eagle and TheEngineer their own heroes' paperhanging (over issuing of their own company stock using LEXMARK MACHINES) is probably even WORSE for the American economy than the assumed damage they attribute to Linux.
Show me where I even remotely stated (or even alluded) that Gates, Ballmer, or McBride are my 'heroes'... Or just show me where I've ever mentioned any one of those 3 guys in any post here on FR.
You and the rest of the Linux crowd here should really take a look at billparish.com. Even though a lot of the material is dated what he has to say about Microsoft stock issuance practices and the effect they have on other companies trying to emulate them makes for a really explosive expose of the basic dishonesty of this company. has never drawn the attention of the SEC or the Justice Dept, despite Bill Parish's claims being repeated since 1998.
Fixed it for you.
Basically I'm just trying to show my former pals Bush2000, Golden Eagle and TheEngineer that...
Just a style point to consider, FR rookie... Posts that mention other freepers who aren't on the thread and aren't named in the "To:" list are generally considered to be a form of gutless, "behind-the-back" talk. Of course, I don't really want to be pinged to your garbage posts any more than necessary, so carry on...