Vigil@nce - IBM DB2: privilege escalation via Stored Procedure
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker, with the CREATE_EXTERNAL_ROUTINE privilege, can
create a Stored Procedure of IBM DB2, in order to escalate his
privileges on Windows.
– Impacted products: DB2 UDB
– Severity: 2/4
– Creation date: 26/05/2014
DESCRIPTION OF THE VULNERABILITY
A local attacker, with the CREATE_EXTERNAL_ROUTINE privilege, can
create a Stored Procedure of IBM DB2, in order to escalate his
privileges on Windows.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-DB2-privilege-escalation-via-Stored-Procedure-14800