漏洞关键信息 Advisory Number: SRT2003-07-07-0833 Product: IBM U2 UniVerse Version: <= 10.0.0.9 Class: local Criticality: High (to UniVerse servers with local users) Operating System(s): Only confirmed on Linux (other Unix based?) High Level Explanation Description: Users with rights can take root. What to do: Technical Details Proof Of Concept Status: SNO Does have PoC code for this issue. Low Level Description: UniVerse is an extended relational database designed for embedding in vertical applications. The user and the program are involved in a vulnerability that allows local privilege escalation. Proof of Concept Patch or Workaround Note: Requires being a root user to perform all of the functions. Vendor Status The IBM U2 staff will resolve this issue in a future release. Patches may also be supplied on a per-client basis. Bugtraq URL Not assigned yet.