Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.9
CVE Id: CVE-2007-5757
Last Modified: 05 Sep 2008 05:31:35
Published: 12 Feb 2008 07:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5757

Summary

Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.

Vulnerable Systems

Application

  • IBM DB2 Universal Database 8.0

  • IBM DB2 Universal Database 9.0


References

IDEFENSE - 20080207 IBM DB2 Universal Database db2pd Arbitrary Library Loading Vulnerability

SECTRACK - 1019319

CONFIRM - ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT


Last Updated: 27 May 2016 10:46:16