Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0898

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2003-0898
Last Modified 05 Sep 2008 04:35:31
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0898

Summary

IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.

Vulnerable Systems

Application

  • Ibm Db2 Universal Database 7.1

  • Ibm Db2 Universal Database 8.0


References

CONFIRM - ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt

BUGTRAQ - 20030805 Local Vulnerability in IBM DB2 7.1 db2job binary


Last Updated: 27 May 2016 10:38:06