Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3857

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-3857
Last Modified 07 Mar 2011 10:11:31
Published 28 Aug 2008 01:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3857

Summary

The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.

Vulnerable Systems

Application

  • Ibm Db2 Universal Database 9.1


References

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21255607

XF - ibm-db2-baseservices-info-disclosure(45139)

VUPEN - ADV-2008-1769

BID - 29601

AIXAPAR - JR27422


Last Updated: 27 May 2016 10:48:19