PT-2007-2455 · Ibm · Ibm Db2
Published
2007-02-21
·
Updated
2011-03-08
·
CVE-2007-1027
CVSS v2.0
4.4
Medium
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
IBM DB2 versions prior to 9 Fix Pack 2 for Linux and Unix
Description:
The issue allows local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. This is a result of certain setuid DB2 binaries being vulnerable to such attacks.
Recommendations:
For versions prior to 9 Fix Pack 2, update to 9 Fix Pack 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the setuid DB2 binaries to minimize the risk of exploitation.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2