Critical flaw discovered in IBM DB2
IBM's DB2 database management system contains a flaw that could be exploited remotely by an attacker to take control of a system.
IBM has issued a patch to plug a critical flaw in its DB2 database management system that an attacker could exploit to take complete control of a system.
The flaw was discovered in DB2 version 9.1 Fixpack 2 Enterprise server edition. A buffer overflow condition exists within the sysproc.auth_list_groups_for_authid function.
The discovery was made Ariel Sanchez of New York City-based database security vendor, Application Security. The firm issued an advisory Friday for the DB2 flaw after IBM released a fix.