Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 17/11/2003 Updated: 18/10/2016

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

IBM DB2 7.2 before FixPak 10a, and previous versions versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm db2 universal database
ibm db2 universal database 7.1

source: wwwsecurityfocuscom/bid/8344/info IBM's DB2 database ships with a utility called db2job, installed with permissions 4550 and owned by rootdb2asgrp It has been reported that db2job writes to a number of files with root privileges The files written to are created with 0770 permissions (owner, group writeable) and are owned by r ...

NVD-CWE-Other ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt http://marc.info/?l=bugtraq&m=106010332721672&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/22988/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0898

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect