发布日期:2014-05-25
更新日期:2014-05-27
受影响系统:
IBM DB2 Connect 9.x
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 67617
CVE(CAN) ID: CVE-2014-0907
IBM DB2是一个大型的商业关系数据库系统。DB2 Connect可将PC和移动设备连接到组织的大型机。
多个IBM DB2产品存在本地权限提升漏洞,成功利用此漏洞可使攻击者获取根权限。受影响产品如下:
IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Connect Application Server Edition
IBM DB2 Connect Application Server Advanced Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System i
IBM DB2 Connect Unlimited Edition for System z
IBM DB2 Connect Unlimited Advanced Edition for System z
IBM DB2 pureScale Feature 10.1
IBM DB2 Advanced Enterprise Server Edition 10.5
IBM DB2 Advanced Workgroup Server Edition 10.5
IBM DB2 Developer Edition for Linux, Unix and Windows 10.5
<*来源:Tim Brown
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
IBM
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: