CVEs have now been assigned to the two previously reported bugs as follows:

> 1) http://www.nth-dimension.org.uk/downloads.php?id=83 - Privesc attack
> using DB2 from normal user to root, the PoC is for Linux but based on
> testing the AIX version looks iffy too although I couldn't get gcc to
> generate a valid library to exploit it.

CVE-2011-4061.

FWIW I now have a version of the exploit for this working on AIX, based on a copy of kbbacf1 from IBM Tivoli Monitoring 220.127.116.11. It therefore appears that the vulnerable version of kbbacf1 isn't just shipped with DB2.

> 2) http://www.nth-dimension.org.uk/downloads.php?id=80 - Generic attack on
> the QNX runtime linker which abuses an arbitrary file overwrite and race
> condition to get root.

CVE-2011-4060.

Cheers,
Tim
--
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>