IBM has issued a patch to plug a critical flaw in its
DB2 database management system that an attacker could exploit
to take complete control of a system.
The flaw was discovered in
DB2 version 9.1 Fixpack 2 Enterprise server edition. A buffer
overflow condition exists within the
sysproc.auth_list_groups_for_authid function.
The discovery was made by Ariel Sanchez of New York City-based
database security vendor Application Security. The firm issued an
advisory Friday for the DB2 flaw after IBM
released a fix.