PT-2008-1511 · Ibm · Ibm Db2 Universal Database

Published

2008-04-16

Updated

2017-07-29

CVE-2007-5664

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM DB2 Universal Database versions 9.5 before Fix Pack 1 IBM DB2 Universal Database versions 9.1 before Fix Pack 4a IBM DB2 Universal Database versions 8 before FixPak 16

Description The issue allows local users to overwrite arbitrary files via a symlink attack on files used for initialization in the DB2 Administration Server (DAS).

Recommendations For IBM DB2 Universal Database version 9.5 before Fix Pack 1, apply Fix Pack 1 to resolve the issue. For IBM DB2 Universal Database version 9.1 before Fix Pack 4a, apply Fix Pack 4a to resolve the issue. For IBM DB2 Universal Database version 8 before FixPak 16, apply FixPak 16 to resolve the issue.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2007-5664

Affected Products

Ibm Db2 Universal Database

PT-2008-1511 · Ibm · Ibm Db2 Universal Database

CVE-2007-5664

Weakness Enumeration

Related Identifiers

Affected Products

References · 7