Arbitrary Code Execution via Object Injection in IBM Data Server Driver for JDBC and SQLJ

CVE-2017-1677 · MEDIUM Severity

CVSS v2 vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin, which leads to object injection and potentially arbitrary code execution, depending on the classpath. IBM X-Force ID: 133999.
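
An added audit check, not from the advisory or from IBM: because the driver reads /tmp/connlicj.bin from a world-writable directory, this Python script reports who owns that file, whether others can modify it, and whether it starts with the Java serialization header. The function name, the finding labels and the set of trusted UIDs are assumptions made for this example.

```python
import os
import stat
import sys

# Java serialization header: STREAM_MAGIC (0xACED) + STREAM_VERSION (0x0005)
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"


def audit_cache_file(path, trusted_uids):
    """Return findings for a file a Java process will deserialize.

    trusted_uids is an assumption of this example: the accounts allowed
    to own the file (for instance the DB2 instance owner).
    """
    try:
        st = os.lstat(path)  # lstat so a planted symlink is not followed
    except FileNotFoundError:
        return []  # nothing present for the driver to read
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["not-regular-file"]

    findings = []
    if st.st_uid not in trusted_uids:
        findings.append("untrusted-owner")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-world-writable")
    try:
        with open(path, "rb") as fh:
            # Expected for a legitimate cache too; it matters when paired
            # with an ownership or permission finding above.
            if fh.read(4) == JAVA_SERIAL_MAGIC:
                findings.append("java-serialized-stream")
    except PermissionError:
        findings.append("unreadable")
    return findings


if __name__ == "__main__":
    # Path from the advisory; trusting root and the current user is a
    # constructed default for this example.
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp/connlicj.bin"
    for finding in audit_cache_file(target, {0, os.getuid()}):
        print(f"{target}: {finding}")
```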
