Lucene search

[email protected]CVE-2011-4061

HistoryOct 18, 2011 - 1:55 a.m.

CVE-2011-4061

2011-10-1801:55:01

[email protected]

web.nvd.nist.gov

286

cve-2011-4061

ibm db2

express edition 9.7

untrusted search path vulnerabilities

local users

privileges

dt_rpath elf header

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.7%

JSON

Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.

Affected configurations

NVD

Node

ibmdb2Match9.7express

ibmtivoli_monitoring_for_databases

CPENameOperatorVersion
ibm:db2ibm db2eq9.7
ibm:tivoli_monitoring_for_databasesibm tivoli monitoring for databaseseq*

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.7
ibm:tivoli_monitoring_for_databases	ibm tivoli monitoring for databases	eq	*

References

securityreason.com/securityalert/8476

www.nth-dimension.org.uk/downloads.php?id=77

www.nth-dimension.org.uk/downloads.php?id=83

www.securityfocus.com/archive/1/518659

www.securityfocus.com/bid/48514

www.securityfocus.com/bid/51181

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.7%

JSON

Related for CVE-2011-4061

openvas2 nvd1 cvelist1 ibm1 seebug1 prion1 ubuntucve1 nessus1