Buffer overflow

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service divide-by-zero error and DBMS crash, related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...

CVE-2007-6048

IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related...

Buffer overflow

Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART...

Design/Logic Flaw

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the 1 DB2ADMNS and 2 DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related...

CVE-2007-6050

CVE-2007-6050 affects IBM DB2 UDB 9.1 prior to Fixpak 4, specifically the DB2LICD component. The vulnerability is described as unspecified and related to the creation of an ‘insecure directory’ . The NVD metrics indicate a local attack vector with potential complete confidentiality, integrity, an...

CVE-2007-6046

CVE-2007-6046 concerns IBM DB2 UDB 9.1 before Fixpak 4, with an unspecified vulnerability in unspecified setuid programs. The issue allows local users to impact the system in an unspecified manner. Documented details indicate the vulnerability is local-exploit, with no explicit vector, scope, or ...

CVE-2007-6050

Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."...

CVE-2007-6046

Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact...

CVE-2007-6052

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service divide-by-zero error and DBMS crash, related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...

CVE-2007-6045

CVE-2007-6045 affects IBM DB2 UDB 9.1 before Fixpak 4, specifically the DB2WATCH and DB2FREEZE components. The description states an unspecified vulnerability with unknown impact and attack vectors; no explicit exploitation details, affected versions beyond the mentioned FixPak, or remediation ar...

Design/Logic Flaw

Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via 1 unspecified vectors where an attacker's umask is honored, 2 /etc/ld.so.preload, 3 certain "cron data file locations", and other unspecified vectors possibly involvi...

CVE-2007-4272

Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via 1 unspecified vectors where an attacker's umask is honored, 2 /etc/ld.so.preload, 3 certain "cron data file locations", and other unspecified vectors possibly involvi...

Stack overflow

Stack-based buffer overflow in the AUTHLISTGROUPSFORAUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument...

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to 1 DB2 instance or FMP startup on Linux and Solaris; 2 exec of executables while running as root on non-Windows systems, as...

CVE-2007-4271

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. dot dot in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink...

CVE-2007-4275

IBM DB2 UDB 8.x (Fixpak 15) and 9.1 (Fixpak 3) have multiple local privilege-escalation vulnerabilities due to untrusted search paths and environment-based file/binary loading. Exploitable vectors include startup of the DB2 instance or FMP on Linux/Solaris, execution of executables while running ...