CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
5.1%
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:* |
ibm | db2 | 9.1 | cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:* |
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
secunia.com/advisories/37759
www-01.ibm.com/support/docview.wss?uid=swg1IC64019
www-01.ibm.com/support/docview.wss?uid=swg1IZ48106
www-01.ibm.com/support/docview.wss?uid=swg1IZ50355
www-01.ibm.com/support/docview.wss?uid=swg21293566
www-01.ibm.com/support/docview.wss?uid=swg21412902
www.securityfocus.com/bid/37332
www.vupen.com/english/advisories/2009/3520