PT-2011-4834 · IBM · IBM DB2 Express Edition

Tim Brown · Published 2011-10-18 · Updated 2018-10-11 · CVE-2011-4061

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM DB2 Express Edition 9.7

Description

The issue concerns untrusted search path vulnerabilities in the db2rspgn and kbbacf1 components of IBM DB2 Express Edition. They allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.

Recommendations

For IBM DB2 Express Edition 9.7, consider restricting access to the db2rspgn and kbbacf1 components to minimize the risk of exploitation. As a temporary workaround, avoid using these components in untrusted environments until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
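An audit check for this class of issue, added here as an example and not taken from the advisory or from IBM: it reads the text printed by `readelf -d <binary>` and reports RPATH/RUNPATH components that the loader resolves against the current working directory. The sample output and its paths are constructed for illustration; the advisory does not state the actual DT_RPATH value of db2rspgn or kbbacf1.

```python
import re

# Matches the RPATH/RUNPATH rows printed by `readelf -d <binary>`.
ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s+\[(.*)\]")

def risky_components(path_list):
    """Return the components of a colon-separated library search path
    that are resolved against the process's current working directory."""
    risky = []
    for comp in path_list.split(":"):
        if comp == "":
            risky.append("<empty>")      # empty entry in the list is read as cwd (glibc)
        elif comp.startswith(("$ORIGIN", "${ORIGIN}")):
            continue                     # relative to the binary's location, not cwd
        elif not comp.startswith("/"):
            risky.append(comp)           # ".", "lib", "../lib", ...
    return risky

def audit_dynamic_section(readelf_output):
    """Return (tag, raw value, risky components) for each unsafe entry."""
    findings = []
    for line in readelf_output.splitlines():
        m = ENTRY.search(line)
        if m:
            bad = risky_components(m.group(2))
            if bad:
                findings.append((m.group(1), m.group(2), bad))
    return findings

# Constructed sample: a binary that needs libkbb.so and carries an RPATH
# with a "." entry and a trailing empty entry (assumed values).
SAMPLE_VULNERABLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libkbb.so]
 0x000000000000000f (RPATH)              Library rpath: [/opt/example/lib:.:]
"""

# Constructed sample: only absolute and $ORIGIN-based entries.
SAMPLE_CLEAN = """\
 0x0000000000000001 (NEEDED)             Shared library: [libkbb.so]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:/opt/example/lib]
"""

if __name__ == "__main__":
    for tag, raw, bad in audit_dynamic_section(SAMPLE_VULNERABLE):
        print(f"{tag} [{raw}] searches the current directory via: {bad}")
```

Any finding on a setuid binary, or on one routinely run by privileged users, is worth treating as a privilege-escalation path until the search path is rebuilt with absolute directories only.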


Related Identifiers

CVE-2011-4061

Affected Products

IBM DB2 Express Edition