PT-2010-5027 · Ibm · Ibm Db2 Udb
Published
2010-10-05
·
Updated
2017-09-19
·
CVE-2010-3733
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM DB2 UDB version 9.5 before FP6a
Description
The issue concerns the Engine Utilities component in IBM DB2 UDB, where the sqllib/cfg/db2sprf file has world-writable permissions. This could potentially allow local users to gain privileges by modifying the file.
Recommendations
For IBM DB2 UDB version 9.5 before FP6a, update to FP6a or later to resolve the issue. As a temporary workaround, consider changing the permissions of the sqllib/cfg/db2sprf file to prevent unauthorized modifications.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2 Udb