IBM Support

IZ03073: SECURITY: LOCAL ROOT EXPLOITS DB2PD VULNERABILITY

APAR status

  • Closed as program error.

Error description

  • Local exploitation of a design error in db2pd could allow an
    attacker to elevate privileges to root when running the db2pd
    tool.
    
    This problem was reported to IBM by an anonymous researcher
    working with the iDefense Vulnerability Contributor Program
    (VCP) and Joshua J. Drake of iDefense Labs.
    
    This APAR addresses the issues described by CVE-2007-5757 at
    cve.mitre.org.
    

Local fix

Problem summary

  • see problem description
    

Problem conclusion

  • APAR first fixed in DB2 version 8.1 fixpak 16
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ03073

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    910

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-08-14

  • Closed date

    2008-02-29

  • Last modified date

    2008-03-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IZ03546 IZ03548 IZ03550 IZ03552 IZ03553

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R810 PSY

       UP

Document Information

Modified date:
08 January 2022