CVE-2004-0795

Name of the Vulnerable Software and Affected Versions DB2 version 8.1

Description The issue allows local users to gain privileges. This is due to the DB2 8.1 remote command server (DB2RCMD.EXE) executing the db2rcmdc.exe program as the db2admin administrator. The vulnerability is exploited via the DB2REMOTECMD named pipe.

Recommendations For DB2 version 8.1, consider restricting access to the DB2REMOTECMD named pipe to minimize the risk of exploitation. Additionally, review the privileges assigned to the db2admin administrator account and ensure that they are in line with the principle of least privilege. At the moment, there is no information about a newer version that contains a fix for this vulnerability.