Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

IBM posts fix for DB2 Linux security flaw
C-Net ^ | Sept 17, 2003 | Martin LaMonica

Posted on 09/18/2003 5:24:29 AM PDT by Golden Eagle

IBM posts fix for DB2 Linux security flaw

By Martin LaMonica

Staff Writer, CNET News.com

A security flaw in Linux editions of IBM's DB2 database could allow unauthorized users to seize control of a database's contents, Big Blue has revealed.

IBM said that the problem affects version 7 of its DB2 database for Linux. The company posted a patch, called FixPak 10a, on its Web site. IBM also is expected to update its usual DB2 version 7 technical support page with the latest fix.

The flaw was uncovered by Boston security company Core Security Technologies, which alerted IBM. Core Security Technologies plans to issue an alert on the vulnerability Thursday.

Engineers at the security company said the vulnerability, which could allow a person to get "root" privileges to a DB2 database, is simple to exploit. A company employee, for example, with only limited database access rights could trick the system into giving him or her access to the entire data store.

"This flaw is serious because it allows somebody to get control of a system...DB2 is a database, and we assume there is sensitive information in the database," said Paul Paget, CEO of Core Security Technologies.

The vulnerability allows a hacker to launch a "buffer overflow" attack by sending a long command to a file in the DB2 database, which dictates access privileges, according to Core Security Technologies. With a buffer overflow, hackers can take control of a system and implant unwanted programs.


TOPICS: Business/Economy; Crime/Corruption; News/Current Events
KEYWORDS: ibm; linux; lowqualitycrap
Navigation: use the links below to view more comments.
first previous 1-2021 last
To: TechJunkYard
You will never hear me say that Microsoft's products, or anyone else's, is solid. I have met a few that were awesome, as I worked many years in DoD, but very few on the commercial market are really worth a damn.
21 posted on 09/18/2003 7:12:30 PM PDT by PatrioticAmerican (Read Travis McGee's Book! www.EnemiesForeignAndDomestic.com)
[ Post Reply | Private Reply | To 13 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson