CVE-2007-1027

Name of the Vulnerable Software and Affected Versions: IBM DB2 versions prior to 9 Fix Pack 2 for Linux and Unix

Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. This is a result of certain setuid DB2 binaries being vulnerable to such attacks.

Recommendations: For versions prior to 9 Fix Pack 2, update to 9 Fix Pack 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the setuid DB2 binaries to minimize the risk of exploitation.