Vulnerability Name:
CVE-2009-3471 (CCN-53630)
Assigned:
2009-05-28
Published:
2009-05-28
Updated:
2010-10-07
Summary:
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
7.5 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
5.5 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
4.3 Medium
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.2 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-noinfo
Vulnerability Consequences:
Other
References:
Source: CONFIRM
Type: UNKNOWN
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
Source: MITRE
Type: CNA
CVE-2009-3471
Source: OSVDB
Type: UNKNOWN
58477
Source: CCN
Type: SA36890
IBM DB2 Multiple Vulnerabilities
Source: SECUNIA
Type: Vendor Advisory
36890
Source: AIXAPAR
Type: UNKNOWN
IC63548
Source: AIXAPAR
Type: UNKNOWN
IZ46658
Source: CCN
Type: IBM Support & downloads
IZ46658: SECURITY APAR: MODIFIED SQL DATA table function is not dropped when definer loses required privileges to maintain the objects.
Source: AIXAPAR
Type: UNKNOWN
IZ46773
Source: AIXAPAR
Type: UNKNOWN
IZ46774
Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21386689
Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21403619
Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21426108
Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21432298
Source: CCN
Type: OSVDB ID: 58477
IBM DB2 Universal Database Table Drop Function Definer Unspecified Issue
Source: CCN
Type: OSVDB ID: 68121
IBM DB2 Dependent Function Privilege Loss Invalidation Weakness Access Restriction Bypass
Source: BID
Type: UNKNOWN
36540
Source: CCN
Type: BID-36540
IBM DB2 Multiple Unspecified Security Vulnerabilities
Source: XF
Type: UNKNOWN
db2-definers-unspecified(53630)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:ibm:db2:8.0:fp1:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp10:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp11:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp12:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp13:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp14:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp15:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp16:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp17:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp2:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp3:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp4:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp5:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp6:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp7:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp8:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:8.0:fp9:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp1:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp2:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp3:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp4:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp5:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp6:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.1:fp7:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.5:fp1:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.5:fp2:*:*:*:*:*:*
OR
cpe:/a:ibm:db2:9.5:fp3:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:ibm:db2_universal_database:9.1:fp4:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:9.1:fp3:aix:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:9.1::fp2:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.0:fp14:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.0:fp13:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:8.0:fp9:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:9.5:fp1:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:9.5:fp2:*:*:*:*:*:*
OR
cpe:/a:ibm:db2_universal_database:9.5:fp3:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
ibm
db2 8.0 fp1
ibm
db2 8.0 fp10
ibm
db2 8.0 fp11
ibm
db2 8.0 fp12
ibm
db2 8.0 fp13
ibm
db2 8.0 fp14
ibm
db2 8.0 fp15
ibm
db2 8.0 fp16
ibm
db2 8.0 fp17
ibm
db2 8.0 fp2
ibm
db2 8.0 fp3
ibm
db2 8.0 fp4
ibm
db2 8.0 fp5
ibm
db2 8.0 fp6
ibm
db2 8.0 fp7
ibm
db2 8.0 fp8
ibm
db2 8.0 fp9
ibm
db2 9.1 fp1
ibm
db2 9.1 fp2
ibm
db2 9.1 fp3
ibm
db2 9.1 fp4
ibm
db2 9.1 fp5
ibm
db2 9.1 fp6
ibm
db2 9.1 fp7
ibm
db2 9.5 fp1
ibm
db2 9.5 fp2
ibm
db2 9.5 fp3
ibm
db2 universal database 9.1 fp4
ibm
db2 universal database 9.1 fp3
ibm
db2 universal database 9.1
ibm
db2 universal database 8.0 fp14
ibm
db2 universal database 8.0 fp13
ibm
db2 universal database 8.0 fp9
ibm
db2 universal database 9.5 fp1
ibm
db2 universal database 9.5 fp2
ibm
db2 universal database 9.5 fp3
Denotes that component is vulnerable