RETIRED: IBM DB2 and DB2 Connect Tivoli Monitoring Agent Local Privilege Escalation Vulnerability
BID:51181
Info
RETIRED: IBM DB2 and DB2 Connect Tivoli Monitoring Agent Local Privilege Escalation Vulnerability
| Bugtraq ID: | 51181 |
| Class: | Design Error |
| CVE: |
CVE-2011-4061 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 23 2011 12:00AM |
| Updated: | Oct 10 2018 11:00AM |
| Credit: | Tim Brown |
| Vulnerable: |
IBM DB2 Workgroup Server Edition 9.7 IBM DB2 Workgroup Server Edition 9.5 IBM DB2 Express Edition 9.7 IBM DB2 Express Edition 9.5 IBM DB2 Enterprise Server Edition 9.7 IBM DB2 Enterprise Server Edition 9.5 IBM DB2 Connect Unlimited Edition for System z 9.7 IBM DB2 Connect Unlimited Edition for System z 9.5 IBM DB2 Connect Unlimited Edition for System i 9.7 IBM DB2 Connect Unlimited Edition for System i 9.5 IBM DB2 Connect Enterprise Edition 9.7 IBM DB2 Connect Enterprise Edition 9.5 IBM DB2 Advanced Enterprise Server Edition 9.7 IBM DB2 Advanced Enterprise Server Edition 9.5 |
| Not Vulnerable: | |
Discussion
RETIRED: IBM DB2 and DB2 Connect Tivoli Monitoring Agent Local Privilege Escalation Vulnerability
IBM DB2 and DB2 Connect are prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to load arbitrary files and execute arbitrary code with elevated privileges.
The following products are affected:
IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Advanced Enterprise Server Edition
IBM DB2 Connect Application Server Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System i
IBM DB2 Connect Unlimited Edition for System z
NOTE: This BID is being retired as it is a duplicate of BID 48514 (IBM DB2 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution Vulnerability).
IBM DB2 and DB2 Connect are prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to load arbitrary files and execute arbitrary code with elevated privileges.
The following products are affected:
IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Advanced Enterprise Server Edition
IBM DB2 Connect Application Server Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System i
IBM DB2 Connect Unlimited Edition for System z
NOTE: This BID is being retired as it is a duplicate of BID 48514 (IBM DB2 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution Vulnerability).
Exploit / POC
RETIRED: IBM DB2 and DB2 Connect Tivoli Monitoring Agent Local Privilege Escalation Vulnerability
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RETIRED: IBM DB2 and DB2 Connect Tivoli Monitoring Agent Local Privilege Escalation Vulnerability
Solution:
The vendor released updates to address this issue. Please see the references for details.
Solution:
The vendor released updates to address this issue. Please see the references for details.
References
RETIRED: IBM DB2 and DB2 Connect Tivoli Monitoring Agent Local Privilege Escalation Vulnerability
References:
References: