IBM Db2 Flaw Gives Attackers Read/Write Access to Shared Memory

Published: 23/11/2024   Category: security




Researchers discover a lack of explicit memory protections around the shared memory used by the Db2 trace facility.



Security researchers have discovered a vulnerability in IBM Db2 that could let an attacker gain read/write access to shared memory and perform unauthorized actions on a target system. 
CVE-2020-4414 exists because developers neglected to add explicit memory protections around shared memory used by the Db2 trace facility, explains Martin Rakhmanov, security research manager at Trustwave SpiderLabs, where the flaw was discovered. This allows any local user to have read and write access to that memory area.
In turn, this allows access to critically sensitive data as well as the ability to change how the trace subsystem functions, resulting in a denial-of-service condition in the database, he explains. Neither should be possible for regular users.
Rakhmanov says this vulnerability could lead to other issues -- for example, a low-privileged process running on the same computer as the Db2 database. An attacker could also alter Db2 trace and capture sensitive data, which could be used later for subsequent attacks, he adds.
All Db2 instances of the current version (11.5) on Windows are affected. IBM has released a patch to address this vulnerability and other security issues. It's difficult to tell whether the vulnerability has been exploited. Businesses should check the database version and apply any missing patches.
