Experts Reported Security Bug in IBM's Db2 Data Management Software
2020-08-20 04:59

Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service.

The flaw, which impacts IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms, is caused by improper usage of shared memory, thereby allowing a bad actor to perform unauthorized actions on the system.

"Developers forgot to put explicit memory protections around the shared memory used by the Db2 trace facility," SpiderLabs's Martin Rakhmanov said.

The Db2 trace utility is used to record Db2 data and events, including reporting Db2 system information, collecting data required for performance analysis and tuning, and capturing a data access audit trail for security purposes.

Even more concerning, a low-privileged process running on the same computer as the Db2 database could alter the Db2 trace, capture sensitive data, and use that information to carry out other attacks.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Ldg0Cw7znCc/ibm-data-management.html