IBM posts fix for DB2 Linux security flaw

By Martin LaMonica
September 17, 2003, 12:24 PM PT

A security flaw in Linux editions of IBM's DB2 database could allow unauthorized users to seize control of a database's contents, Big Blue has revealed.

IBM said that the problem affects version 7 of its DB2 database for Linux. The company posted a patch, called FixPak 10a, on its Web site. IBM also is expected to update its usual DB2 version 7 technical support page with the latest fix.

The flaw was uncovered by Boston security company Core Security Technologies, which alerted IBM. Core Security Technologies plans to issue an alert on the vulnerability Thursday.

Engineers at the security company said the vulnerability, which could allow a person to get "root" privileges to a DB2 database, is simple to exploit. A company employee, for example, with only limited database access rights could trick the system into giving him or her access to the entire data store.
