Lucene search

[email protected]CVE-2007-4270

HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4270

2007-08-1821:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm

db2

udb

symlink attack

vulnerability

root privileges

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.

CPENameOperatorVersion
ibm:db2_universal_databaseibm db2 universal databasele9.1
ibm:db2_universal_databaseibm db2 universal databasele8.0

CPE	Name	Operator	Version
ibm:db2_universal_database	ibm db2 universal database	le	9.1
ibm:db2_universal_database	ibm db2 universal database	le	8.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=578

secunia.com/advisories/26471

securitytracker.com/id?1018581

www-1.ibm.com/support/docview.wss?uid=swg1IY98210

www-1.ibm.com/support/docview.wss?uid=swg1IY99261

www-1.ibm.com/support/docview.wss?uid=swg21255352

www-1.ibm.com/support/docview.wss?uid=swg21255607

www.attrition.org/pipermail/vim/2007-August/001765.html

www.securityfocus.com/bid/25339

www.vupen.com/english/advisories/2007/2912

exchange.xforce.ibmcloud.com/vulnerabilities/36069

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2007-4270

securityvulns2 prion1 seebug1 nessus1