Privilege Escalation via DB2RCMD.EXE and DB2REMOTECMD Named Pipe

Privilege Escalation via DB2RCMD.EXE and DB2REMOTECMD Named Pipe

CVE-2004-0795 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.

Learn more about our Cis Benchmark Audit For Server Software.