Channel News and Analysis - Channel Insider

 


Convergence:
The Next
Security Wave
The convergence of physical and logical security isn't a new idea, but largely untapped by solution providers. Groups like 1nService and PSA Security are bringing these largely segmented channels together for this $7 billion market opportunity.
 

IBM Issues Patch for DB2 Security Flaw

DATE: 2004-03-10
By Brian Fonseca

Article Rating:starstarstarstarstar / 0

Rate This Article:
Poor Best
Add This Article To:
A software security expert says a DB2 vulnerability could give a low-privilege user full control of the database.

IBM Corp. has issued a patch for a DB2 database vulnerability that, left undetected, could let an intruder compromise administration privileges for DB2 8.1 Enterprise Edition on Microsoft Windows.

To exploit the DB2 flaw, all that is required by a perpetrator is a user ID and password. Through a guest account, an attacker could run commands as an administrator because the Remote Command Server does not drop privileges, said David Litchfield, managing director at London-based Next Generation Security Software Ltd.

According to Litchfield, the Remote Command Server listens on a named pipe, where a small "conversation" takes place when a user connects and sends commands down the pipe. DB2 will then execute that command upon request.

Officials of Armonk, N.Y.-based IBM said no DB2 users have been affected by the vulnerability. Litchfield, however, said the threat to an organization is very real and should be properly addressed.

IBM has included a fix for the DB2 8.1 Enterprise Edition problem in Fixpak 5 at its DB2 technical support Web site.

Click here for the full story.



Discuss IBM Issues Patch for DB2 Security Flaw
 
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Channel News and Analysis Articles          >>> More By Brian Fonseca
 



 
CHANNEL DEEP DIVES
CareersLinux and Unix
Computer NetworkingPrinters
SecuritySMB Partner
StorageSurveys
Solution BuilderMessaging/Collaboration
Dell ResellersMicrosoft Partners

 
 

SIGN UP FOR CHANNEL INSIDER NEWSLETTERS
Reliable, timely information on the business of technology. Sign up now.

RSS SUBSCRIPTIONS
XML
Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

ZDE Services
> Ziff Davis White Paper Library

> Baseline ROI Calculators

> eWEEK Labs RFPs and Tools

 
CHANNEL RESOURCE CENTER
HP StorageWorks Scalable NAS is highly available, scalable network-attached storage for any industry solution. To learn how you can take full advantage of fault-tolerant NAS that seamlessly scales capacity and performance, visit: http://www.hp.com/go/scalablenas


Feature Video: What Can Green Do For You?
There are many ways that systems can be run faster or more efficiently, using less energy and thereby reducing costs. Watch now!
Microsoft-hosted solution offers you advanced customer relationship management capabilities without a major investment in IT and staffing.
Try It for free for 30 days!
 

 
   Sponsored Links     
 

  • Check Point Security Appliance Trade in Promotion
  • Increase efficiency with Dell PartnerDirect
  • Avoid the crash. Arm your Road Warriors with SSD
  • Get FREE online training modules from BlackBerry.
  • Bundles with room to grow and room to go!
  • Free BlackBerry(R) Training Tour. Win a Smartphone.
  • Request a Novell/Microsoft deployment kit.
  • Improve the customer experience with Dialogue
  • Meet the demand for green technology with HP desktops
  • Download the “Best Antivirus Product of 2007”


    •    Channel Insider      Contact Us | Advertise | Site Map | VARs | System Builder
    eWEEK Quick LInks Storage Devices | Networking Security | Network Infrastructure | Wireless Networking | Database Management Systems | PC Desktops | Web Programming | Enterprise Solutions Linux Operating Systems | Mac Operating System | Mobile Messaging | Internet Telephony Microsoft Windows News | Google Watch | IBM Watch

    Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
    Tech RSS Feeds | White Papers | ROI Calculators | Tech Video

    Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
    eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
    Publish | Security IT Hub | Strategic Partner | Web Buyer's Guide | Windows for Devices

    Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
    Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

    Use of this site is governed by our Terms of Use and Privacy Policy

    Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Channel Insider is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise, Inc. is prohibited.