A few notes on this advisory and IBM's IY94817.
1) The real IY94817 document (not the stub) requires registration to
even access in the first place, which is an unfortunate practice
that too many vendors undertake. The URL was also broken for some
time. Now that I've registered, I *STILL* can't get access to this
"IY94817: SECURITY: DB2DIAG.LOG SYMBOLIC LINK OVERWRITE
Why is it so difficult just to get some basic security information?
Security advisories should be easy for the public to access. A
sysadmin shouldn't have to register with hundreds of web sites just
to get good security information.
This kind of thing happens all the time, unfortunately.
2) Anyway, this document:
says "The vulnerability allows a local user to write to any file on
the system through the use of symbolic links (also known as
symlinks or soft links)."