Lucene search

MitreCVE-2007-1086

HistoryFeb 23, 2007 - 10:28 p.m.

CVE-2007-1086

2007-02-2322:28:00

mitre

web.nvd.nist.gov

cve-2007-1086

ibm db2

security vulnerability

local users

arbitrary files

unsafe file access

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

Percentile

10.1%

JSON

Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to “unsafe file access.”

Affected configurations

Nvd

Node

hphp-ux

ibmaix

linuxlinux_kernelMatch2.6.18.0

linuxlinux_kernelMatch2.6.18.1

linuxlinux_kernelMatch2.6.18.2

linuxlinux_kernelMatch2.6.18.3

linuxlinux_kernelMatch2.6.18.4

linuxlinux_kernelMatch2.6.18.5

linuxlinux_kernelMatch2.6.18.6

linuxlinux_kernelMatch2.6.18.7

linuxlinux_kernelMatch2.6.19

linuxlinux_kernelMatch2.6.19.1

linuxlinux_kernelMatch2.6.19.2

linuxlinux_kernelMatch2.6.19.3

linuxlinux_kernelMatch2.6.19.4

linuxlinux_kernelMatch2.6.20

linuxlinux_kernelMatch2.6.20.1

microsoftwindows_xp

sunsolaris

AND

ibmdb2_universal_databaseMatch8.0linux

ibmdb2_universal_databaseMatch8.1aix

ibmdb2_universal_databaseMatch8.1.4

ibmdb2_universal_databaseMatch8.1.5

ibmdb2_universal_databaseMatch8.1.6

ibmdb2_universal_databaseMatch8.1.6c

ibmdb2_universal_databaseMatch8.1.7

ibmdb2_universal_databaseMatch8.1.7b

ibmdb2_universal_databaseMatch8.1.8

ibmdb2_universal_databaseMatch8.1.8a

ibmdb2_universal_databaseMatch8.1.9

ibmdb2_universal_databaseMatch8.1.9a

ibmdb2_universal_databaseMatch8.10

ibmdb2_universal_databaseMatch8.12

ibmdb2_universal_databaseMatch9.1hp_ux

VendorProductVersionCPE
hphp-ux*cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
ibmaix*cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
linuxlinux_kernel2.6.18.0cpe:2.3:o:linux:linux_kernel:2.6.18.0:*:*:*:*:*:*:*
linuxlinux_kernel2.6.18.1cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*
linuxlinux_kernel2.6.18.2cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*
linuxlinux_kernel2.6.18.3cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*
linuxlinux_kernel2.6.18.4cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*
linuxlinux_kernel2.6.18.5cpe:2.3:o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*
linuxlinux_kernel2.6.18.6cpe:2.3:o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*
linuxlinux_kernel2.6.18.7cpe:2.3:o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	hp-ux	*	cpe:2.3:o:hp:hp-ux::::::::
ibm	aix	*	cpe:2.3:o:ibm:aix::::::::
linux	linux_kernel	2.6.18.0	cpe:2.3:o:linux:linux_kernel:2.6.18.0:::::::*
linux	linux_kernel	2.6.18.1	cpe:2.3:o:linux:linux_kernel:2.6.18.1:::::::*
linux	linux_kernel	2.6.18.2	cpe:2.3:o:linux:linux_kernel:2.6.18.2:::::::*
linux	linux_kernel	2.6.18.3	cpe:2.3:o:linux:linux_kernel:2.6.18.3:::::::*
linux	linux_kernel	2.6.18.4	cpe:2.3:o:linux:linux_kernel:2.6.18.4:::::::*
linux	linux_kernel	2.6.18.5	cpe:2.3:o:linux:linux_kernel:2.6.18.5:::::::*
linux	linux_kernel	2.6.18.6	cpe:2.3:o:linux:linux_kernel:2.6.18.6:::::::*
linux	linux_kernel	2.6.18.7	cpe:2.3:o:linux:linux_kernel:2.6.18.7:::::::*

Rows per page:

1-10 of 341

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=481

osvdb.org/40969

www-1.ibm.com/support/docview.wss?uid=swg21255747

www.attrition.org/pipermail/vim/2007-August/001765.html

www.securityfocus.com/bid/22677

exchange.xforce.ibmcloud.com/vulnerabilities/32650

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

Percentile

10.1%

JSON

Related for CVE-2007-1086