Lucene search

[email protected]CVE-2008-3856

HistoryAug 28, 2008 - 5:41 p.m.

CVE-2008-3856

2008-08-2817:41:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm

db2

routine infrastructure

privilege escalation

cve-2008-3856

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.1%

JSON

The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.

Affected configurations

NVD

Node

ibmdb2_universal_databaseRange≤8fp16aix

ibmdb2_universal_databaseRange≤8fp16hp_ux

ibmdb2_universal_databaseRange≤8fp16linux

ibmdb2_universal_databaseRange≤8fp16solaris

ibmdb2_universal_databaseRange≤9.1fp4aaix

ibmdb2_universal_databaseRange≤9.1fp4ahp-ux

ibmdb2_universal_databaseRange≤9.1fp4alinux

ibmdb2_universal_databaseRange≤9.1fp4asolaris

ibmdb2_universal_databaseMatch8fp1aix

ibmdb2_universal_databaseMatch8fp1hp_ux

ibmdb2_universal_databaseMatch8fp1linux

ibmdb2_universal_databaseMatch8fp10aix

ibmdb2_universal_databaseMatch8fp10hp_ux

ibmdb2_universal_databaseMatch8fp10linux

ibmdb2_universal_databaseMatch8fp10solaris

ibmdb2_universal_databaseMatch8fp11aix

ibmdb2_universal_databaseMatch8fp11hp_ux

ibmdb2_universal_databaseMatch8fp11linux

ibmdb2_universal_databaseMatch8fp11solaris

ibmdb2_universal_databaseMatch8fp12aix

ibmdb2_universal_databaseMatch8fp12hp_ux

ibmdb2_universal_databaseMatch8fp12linux

ibmdb2_universal_databaseMatch8fp12solaris

ibmdb2_universal_databaseMatch8fp13aix

ibmdb2_universal_databaseMatch8fp13hp_ux

ibmdb2_universal_databaseMatch8fp13linux

ibmdb2_universal_databaseMatch8fp13solaris

ibmdb2_universal_databaseMatch8fp14aix

ibmdb2_universal_databaseMatch8fp14hp_ux

ibmdb2_universal_databaseMatch8fp14linux

ibmdb2_universal_databaseMatch8fp14solaris

ibmdb2_universal_databaseMatch8fp15aix

ibmdb2_universal_databaseMatch8fp15hp_ux

ibmdb2_universal_databaseMatch8fp15linux

ibmdb2_universal_databaseMatch8fp15solaris

ibmdb2_universal_databaseMatch8fp2aix

ibmdb2_universal_databaseMatch8fp2hp_ux

ibmdb2_universal_databaseMatch8fp2linux

ibmdb2_universal_databaseMatch8fp2solaris

ibmdb2_universal_databaseMatch8fp3aix

ibmdb2_universal_databaseMatch8fp3hp_ux

ibmdb2_universal_databaseMatch8fp3linux

ibmdb2_universal_databaseMatch8fp3solaris

ibmdb2_universal_databaseMatch8fp4aix

ibmdb2_universal_databaseMatch8fp4hp_ux

ibmdb2_universal_databaseMatch8fp4linux

ibmdb2_universal_databaseMatch8fp4solaris

ibmdb2_universal_databaseMatch8fp4aaix

ibmdb2_universal_databaseMatch8fp4ahp_ux

ibmdb2_universal_databaseMatch8fp4alinux

ibmdb2_universal_databaseMatch8fp4asolaris

ibmdb2_universal_databaseMatch8fp5aix

ibmdb2_universal_databaseMatch8fp5hp_ux

ibmdb2_universal_databaseMatch8fp5linux

ibmdb2_universal_databaseMatch8fp5solaris

ibmdb2_universal_databaseMatch8fp6aix

ibmdb2_universal_databaseMatch8fp6hp_ux

ibmdb2_universal_databaseMatch8fp6linux

ibmdb2_universal_databaseMatch8fp6solaris

ibmdb2_universal_databaseMatch8fp6aaix

ibmdb2_universal_databaseMatch8fp6ahp_ux

ibmdb2_universal_databaseMatch8fp6alinux

ibmdb2_universal_databaseMatch8fp6asolaris

ibmdb2_universal_databaseMatch8fp6baix

ibmdb2_universal_databaseMatch8fp6bhp_ux

ibmdb2_universal_databaseMatch8fp6blinux

ibmdb2_universal_databaseMatch8fp6bsolaris

ibmdb2_universal_databaseMatch8fp6caix

ibmdb2_universal_databaseMatch8fp6chp_ux

ibmdb2_universal_databaseMatch8fp6clinux

ibmdb2_universal_databaseMatch8fp6csolaris

ibmdb2_universal_databaseMatch8fp7aix

ibmdb2_universal_databaseMatch8fp7hp_ux

ibmdb2_universal_databaseMatch8fp7linux

ibmdb2_universal_databaseMatch8fp7solaris

ibmdb2_universal_databaseMatch8fp7aaix

ibmdb2_universal_databaseMatch8fp7ahp_ux

ibmdb2_universal_databaseMatch8fp7alinux

ibmdb2_universal_databaseMatch8fp7asolaris

ibmdb2_universal_databaseMatch8fp7baix

ibmdb2_universal_databaseMatch8fp7bhp_ux

ibmdb2_universal_databaseMatch8fp7blinux

ibmdb2_universal_databaseMatch8fp7bsolaris

ibmdb2_universal_databaseMatch8fp8aix

ibmdb2_universal_databaseMatch8fp8hp_ux

ibmdb2_universal_databaseMatch8fp8linux

ibmdb2_universal_databaseMatch8fp8solaris

ibmdb2_universal_databaseMatch8fp8aaix

ibmdb2_universal_databaseMatch8fp8ahp_ux

ibmdb2_universal_databaseMatch8fp8alinux

ibmdb2_universal_databaseMatch8fp8asolaris

ibmdb2_universal_databaseMatch8fp9aix

ibmdb2_universal_databaseMatch8fp9hp_ux

ibmdb2_universal_databaseMatch8fp9linux

ibmdb2_universal_databaseMatch8fp9solaris

ibmdb2_universal_databaseMatch8fp9aaix

ibmdb2_universal_databaseMatch8fp9ahp_ux

ibmdb2_universal_databaseMatch8fp9alinux

ibmdb2_universal_databaseMatch8fp9asolaris

ibmdb2_universal_databaseMatch8.0aix

ibmdb2_universal_databaseMatch8.0hp_ux

ibmdb2_universal_databaseMatch8.0linux

ibmdb2_universal_databaseMatch8.0solaris

ibmdb2_universal_databaseMatch9.1aix

ibmdb2_universal_databaseMatch9.1hp_ux

ibmdb2_universal_databaseMatch9.1linux

ibmdb2_universal_databaseMatch9.1solaris

ibmdb2_universal_databaseMatch9.1fp2aix

ibmdb2_universal_databaseMatch9.1fp2hp-ux

ibmdb2_universal_databaseMatch9.1fp2linux

ibmdb2_universal_databaseMatch9.1fp2solaris

ibmdb2_universal_databaseMatch9.1fp3aix

ibmdb2_universal_databaseMatch9.1fp3hp-ux

ibmdb2_universal_databaseMatch9.1fp3linux

ibmdb2_universal_databaseMatch9.1fp3solaris

ibmdb2_universal_databaseMatch9.1fp4aix

ibmdb2_universal_databaseMatch9.1fp4hp-ux

ibmdb2_universal_databaseMatch9.1fp4linux

ibmdb2_universal_databaseMatch9.1fp4solaris

CPENameOperatorVersion
ibm:db2_universal_databaseibm db2 universal databasele8
ibm:db2_universal_databaseibm db2 universal databasele9.1
ibm:db2_universal_databaseibm db2 universal databaseeq8.0

CPE	Name	Operator	Version
ibm:db2_universal_database	ibm db2 universal database	le	8
ibm:db2_universal_database	ibm db2 universal database	le	9.1
ibm:db2_universal_database	ibm db2 universal database	eq	8.0

References

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

secunia.com/advisories/29784

secunia.com/advisories/31787

www-01.ibm.com/support/docview.wss?uid=swg1IZ19155

www-1.ibm.com/support/docview.wss?uid=swg1IZ20350

www-1.ibm.com/support/docview.wss?uid=swg1IZ20352

www-1.ibm.com/support/docview.wss?uid=swg21255607

www.securityfocus.com/bid/29601

www.securityfocus.com/bid/31058

exchange.xforce.ibmcloud.com/vulnerabilities/45140

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.1%

JSON

Related for CVE-2008-3856

cvelist2 prion2 nvd2 cve1 nessus2