Untrusted Search Path Vulnerability in IBM DB2 Universal Database
CVE-2007-5757

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
13 February 2008

Summary

An untrusted search path vulnerability in the db2pd component of IBM DB2 Universal Database allows local users to escalate privileges by manipulating the DB2INSTANCE environment variable. By pointing this variable at a malicious library, an attacker can execute arbitrary code with elevated rights. The root cause is improper handling of environment variables: a value the caller controls influences which library db2pd loads. Environment variables should be treated as untrusted input when managing DB2 installations.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
