| Vulnerability Name: | CVE-2007-4272 (CCN-36104) | ||||||||
| Assigned: | 2007-08-15 | ||||||||
| Published: | 2007-08-15 | ||||||||
| Updated: | 2017-07-29 | ||||||||
| Summary: | Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm). | ||||||||
| CVSS v3 Severity: | 6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N) 1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-4272 Source: IDEFENSE Type: UNKNOWN 20070816 IBM DB2 Universal Database Multiple File Creation Vulnerabilities Source: CCN Type: SA26471 IBM DB2 Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 26471 Source: CCN Type: SECTRACK ID: 1018581 IBM DB2 Multiple Bugs Let Local Users Gain Root Privileges Source: SECTRACK Type: UNKNOWN 1018581 Source: AIXAPAR Type: UNKNOWN IY98011 Source: CCN Type: APAR IY98011 Security vulnerability with db2licd, and the OSSEMEMDBG and TRC_LOG_FILE environment variables Source: AIXAPAR Type: UNKNOWN IY98101 Source: CCN Type: APAR IY98101 Security vulnerability with db2licd, and the OSSEMEMDBG and TRC_LOG_FILE environment variables Source: AIXAPAR Type: UNKNOWN IY98210 Source: CONFIRM Type: Patch http://www-1.ibm.com/support/docview.wss?uid=swg21255352 Source: CONFIRM Type: Patch http://www-1.ibm.com/support/docview.wss?uid=swg21255607 Source: CCN Type: VIM Mailing list, Sat Aug 18 21:05:56 UTC 2007 Recent DB2 Vulnerabilities Source: MLIST Type: UNKNOWN [VIM] 20070821 Recent DB2 Vulnerabilities Source: CCN Type: APAR IY98210 Symlink Security Vulnerability when DB2 opens files, running as root Source: CCN Type: OSVDB ID: 40989 IBM DB2 Universal Database Crafted Umask Arbitrary File Creation Source: CCN Type: OSVDB ID: 40990 IBM DB2 Universal Database /etc/ld.so.preload Unspecified Arbitrary File Creation Source: CCN Type: OSVDB ID: 40991 IBM DB2 Universal Database cron Data File Location Unspecified Arbitrary File Creation Source: CCN Type: OSVDB ID: 40992 IBM DB2 Universal Database db2licd (db2licm) Unspecified Arbitrary File Creation Source: BID Type: UNKNOWN 25339 Source: CCN Type: BID-25339 IBM DB2 Universal Database Multiple Unspecified Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2007-2912 Source: XF Type: UNKNOWN db2-multiple-file-create(36104) Source: XF Type: UNKNOWN db2-multiple-file-create(36104) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.16.07 IBM DB2 Universal Database Multiple File Creation Vulnerabilities | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||