IBM DB2 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution Vulnerability

IBM DB2 is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue to gain elevated privileges and execute arbitrary code with root privileges. Successfully exploiting this issue will result in a complete compromise of the affected system.
IBM DB2 9.7 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 48514
Class: Design Error
CVE: CVE-2011-4061

Remote: No
Local: Yes
Published: Jun 30 2011 12:00AM
Updated: Apr 13 2015 09:01PM
Credit: Tim Brown
Vulnerable: IBM DB2 9.7

Not Vulnerable:

Exploit

The following proof-of-concept code is available:

/data/vulnerabilities/exploits/48514.c

References:

IBM DB2 Homepage (IBM)
Breaking the links: Exploiting the linker (Tim brown)

Source: www.securityfocus.com

Exploit Collector

Search Exploit