Arbitrary Command Execution Vulnerability in IBM DB2 UDB
CVE-2007-6047

Currently unrated

Key Information:

Vendor: IBM
Status: Db2 Universal Database
Vendor: CVE Published:; 20 November 2007

Summary

A vulnerability exists in the DB2DART tool within IBM DB2 UDB version 9.1 prior to Fixpak 4. This issue could allow malicious actors to execute arbitrary commands as the owner of the DB2 instance. The flaw is associated with the invocation process of the TPUT command within DB2DART, potentially exposing systems to security threats and unauthorized access. Users are advised to apply the relevant fixes and security patches to safeguard their databases.

References

http://www-1.ibm.com/support/docview.wss?uid=swg21255607

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2007/3867

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/26450

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 20, 2007
Vulnerability Reserved
Nov 20, 2007