CVE-2010-3733

Name of the Vulnerable Software and Affected Versions IBM DB2 UDB version 9.5 before FP6a

Description The issue concerns the Engine Utilities component in IBM DB2 UDB, where the sqllib/cfg/db2sprf file has world-writable permissions. This could potentially allow local users to gain privileges by modifying the file.

Recommendations For IBM DB2 UDB version 9.5 before FP6a, update to FP6a or later to resolve the issue. As a temporary workaround, consider changing the permissions of the sqllib/cfg/db2sprf file to prevent unauthorized modifications.