Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4871

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4871
Last Modified 05 Sep 2008 04:58:04
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4871

Summary

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

Vulnerable Systems

Application

  • Ibm Db2 8.1


References

SECUNIA - 12733

XF - db2-xml-file-creation(18761)

BID - 12170

BUGTRAQ - 20050105 IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)


Last Updated: 27 May 2016 10:41:28