A locally exploitable buffer overflow exists in IBM DB2. This issue is due to insufficient bounds checking of data passed in a command string to the DB2FMP executable. Successful exploitation may allow execution of arbitrary code with elevated privileges. This is likely one of the issues announced in BIDs 11089 and 11327. It is now being assigned its own BID since the vendor has provided additional technical information. It is reported that some versions of DB2FMP may drop superuser privileges prior to the overflow condition being exploitable.