PT-2007-5464 · IBM · IBM DB2 UDB

Joshua J. Drake · Published 2007-08-18 · Updated 2017-07-29 · CVE-2007-4272

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM DB2 UDB versions 8.0 through 8.0 before Fixpak 15

IBM DB2 UDB versions 9.1 through 9.1 before Fixpak 3

Description

The issue allows local users to create arbitrary files via unspecified vectors, including scenarios where an attacker's umask is honored. Additionally, it involves the /etc/ld.so.preload file, certain cron data file locations, and possibly the OSSEMEMDBG or TRC_LOG_FILE environment variables in db2licd (db2licm).

Recommendations

For IBM DB2 UDB versions 8.0 through 8.0 before Fixpak 15, apply Fixpak 15 to resolve the issue.

For IBM DB2 UDB versions 9.1 through 9.1 before Fixpak 3, apply Fixpak 3 to resolve the issue.

As a temporary workaround, consider restricting access to db2licd (db2licm) and limiting the ability to modify cron data file locations until a patch is applied.


Related Identifiers

CVE-2007-4272

Affected Products

Ibm Db2 Udb