Lucene search

[email protected]CVE-2007-4271

HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4271

2007-08-1821:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2007

4271

ibm

db2

udb

directory traversal

vulnerability

local users

arbitrary files

environment variable

symlink following

6.3 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a … (dot dot) in an unspecified environment variable, which is appended to “/tmp/” and used as a log file. NOTE: this issue might be related to symlink following.

CPENameOperatorVersion
ibm:db2_universal_databaseibm db2 universal databasele9.1
ibm:db2_universal_databaseibm db2 universal databasele8.0

CPE	Name	Operator	Version
ibm:db2_universal_database	ibm db2 universal database	le	9.1
ibm:db2_universal_database	ibm db2 universal database	le	8.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=579

secunia.com/advisories/26471

securitytracker.com/id?1018581

www-1.ibm.com/support/docview.wss?uid=swg1IY98210

www-1.ibm.com/support/docview.wss?uid=swg1IY99261

www-1.ibm.com/support/docview.wss?uid=swg21255352

www-1.ibm.com/support/docview.wss?uid=swg21255607

www.attrition.org/pipermail/vim/2007-August/001765.html

www.securityfocus.com/bid/25339

www.vupen.com/english/advisories/2007/2912

6.3 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2007-4271

prion1 securityvulns2 seebug1 nessus1