[原文]Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain senstitive information, such as cleartext passwords, and cause a denial of service.
An information disclosure vulnerability has been reported in IBM DB2. This vulnerability only exists when DB2 is installed on Microsoft Windows operating systems. This is due to a Windows permissions issue related to shared memory sections, culminating in authorized access to sensitive information.
This vulnerability allows local users to inappropriately connect to DB2 IPC resources, and to also read files that may contain potentially sensitive information. This may aid them in further attacks.
- Database usernames and passwords may be read from the 'DB2SHMSECURITYSERVICE' memory section.
- Various shared memory sections may be read allowing unauthorized access to query or query result data. The following examples were provided:
section read DB20QM
section read DB2GLBQ0QM
section read DB2SHMDB2_0APP
section read DB2SHMDB2_0APL00000003
section read DB2SHMDB2_0APL00000004
section read DB2SHMDB2_0APL00000005
DB2 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered in the Windows version when the 'Everyone' group is granted read and write access to certain DB2 resources, which could allow a malicious user to gain access to plaintext Windows user names and passwords from the 'DB2SHMSECURITYSERVICE' section resulting in a loss of confidentiality and/or integrity.
Currently, there are no known workarounds or upgrades to correct these issues. However, IBM has released a patch to address this vulnerability.