IBM has issued a patch to plug a critical flaw in its DB2 database management system that an attacker could exploit to take complete control of a system.
The flaw was discovered in DB2 version 9.1 Fixpack 2 Enterprise server edition. A buffer overflow condition exists within the sysproc.auth_list_groups_for_authid function.
The discovery was made Ariel Sanchez of New York City-based database security vendor, Application Security Inc. The vendor issued an