Lucene search

MitreCVE-2003-1052

HistorySep 28, 2004 - 4:00 a.m.

CVE-2003-1052

2004-09-2804:00:00

mitre

web.nvd.nist.gov

ibm

db2

7.1

8.1

root privileges

shared library

nvd

cve-2003-1052

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.001

Percentile

32.5%

JSON

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.

Affected configurations

Nvd

Node

ibmdb2Match9.0

ibmdb2_universal_databaseMatch6.0

ibmdb2_universal_databaseMatch7.0linux

ibmdb2_universal_databaseMatch7.1linux

ibmdb2_universal_databaseMatch7.2linux

ibmdb2_universal_databaseMatch8.0linux

ibmdb2_universal_databaseMatch8.1aix

ibmdb2_universal_databaseMatch8.2windows

VendorProductVersionCPE
ibmdb29.0cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*
ibmdb2_universal_database6.0cpe:2.3:a:ibm:db2_universal_database:6.0:*:*:*:*:*:*:*
ibmdb2_universal_database7.0cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*
ibmdb2_universal_database7.1cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*
ibmdb2_universal_database7.2cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*
ibmdb2_universal_database8.0cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*
ibmdb2_universal_database8.1cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*
ibmdb2_universal_database8.2cpe:2.3:a:ibm:db2_universal_database:8.2:*:windows:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	db2	9.0	cpe:2.3:a:ibm:db2:9.0:::::::*
ibm	db2_universal_database	6.0	cpe:2.3:a:ibm:db2_universal_database:6.0:::::::*
ibm	db2_universal_database	7.0	cpe:2.3:a:ibm:db2_universal_database:7.0::linux:::::
ibm	db2_universal_database	7.1	cpe:2.3:a:ibm:db2_universal_database:7.1::linux:::::
ibm	db2_universal_database	7.2	cpe:2.3:a:ibm:db2_universal_database:7.2::linux:::::
ibm	db2_universal_database	8.0	cpe:2.3:a:ibm:db2_universal_database:8.0::linux:::::
ibm	db2_universal_database	8.1	cpe:2.3:a:ibm:db2_universal_database:8.1::aix:::::
ibm	db2_universal_database	8.2	cpe:2.3:a:ibm:db2_universal_database:8.2::windows:::::

References

www.securityfocus.com/archive/1/331904

www.securityfocus.com/bid/8346

exchange.xforce.ibmcloud.com/vulnerabilities/12826

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.001

Percentile

32.5%

JSON

Related for CVE-2003-1052