CVE-2003-1052

IBM DB2 <8.1 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1052. PoCs published by [email protected].

AI-analyzed exploit summary: This exploit leverages a vulnerability in IBM DB2 where shared libraries in a directory owned by the 'bin' user can be overwritten. The PoC compiles a malicious shared library that spawns a root shell when loaded by a setuid root utility like 'db2dari'.

Description

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.

Exploits (1)

exploitdb WORKING POC VERIFIED
by [email protected] · perl · local · unix
https://www.exploit-db.com/exploits/22989

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: IBM DB2 V7.1
Auth required
Prerequisites: Access to the 'bin' user account · Write permissions to the IBM DB2 library directory
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12826
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/331904
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8346

Scores

EPSS 0.0132
EPSS Percentile 67.1%

Details

Status published
Products (8)
ibm/db2 9.0
ibm/db2_universal_database 6.0
ibm/db2_universal_database 7.0
ibm/db2_universal_database 7.1
ibm/db2_universal_database 7.2
ibm/db2_universal_database 8.0
ibm/db2_universal_database 8.1
ibm/db2_universal_database 8.2
Published Sep 28, 2004
Tracked Since Feb 18, 2026