Lucene search

[email protected]CVE-2007-1027

HistoryFeb 21, 2007 - 11:28 a.m.

CVE-2007-1027

2007-02-2111:28:00

CWE-59

[email protected]

web.nvd.nist.gov

ibm db2

symlink attack

db2diag.log

security vulnerability

cve-2007-1027

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

Affected configurations

NVD

Node

ibmdb2Match9.0linux

ibmdb2Match9.0unix

CPENameOperatorVersion
ibm:db2ibm db2eq9.0

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.0

References

osvdb.org/34024

secunia.com/advisories/24213

www-1.ibm.com/support/docview.wss?uid=swg1IY94817

www.securityfocus.com/bid/22614

www.securitytracker.com/id?1017665

www.securitytracker.com/id?1017695

www.vupen.com/english/advisories/2007/0652

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-1027

nvd1 securityvulns1 prion1 cvelist1