2 matches found
Security Bulletin: Format string vulnerability in IBM® Db2® tool db2support (CVE-2018-1566).
Summary Db2 tool db2support is affected by format string vulnerability. As installed this tool does not run with elevated privileges setuid and when called directly the vulnerability does not lead to privilege escalation. However, if a customer’s own application or script runs with elevated...
CVE-2018-1566
CVE-2018-1566 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1. The vulnerability is a local, format-string error that could allow a local user to execute arbitrary code. Several connected documents confirm the issue and cite IBM X-Forc...