Lucene search
HistoryFeb 13, 2008 - 12:00 a.m.
CVE-2007-5757
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.
Affected configurations
Node
ibmdb2_universal_databaseRange≤8.0fixpak_15
ORibmdb2_universal_databaseMatch9.0fixpak_3a
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | db2_universal_database | * | cpe:2.3:a:ibm:db2_universal_database:*:fixpak_15:*:*:*:*:*:* |
| ibm | db2_universal_database | 9.0 | cpe:2.3:a:ibm:db2_universal_database:9.0:fixpak_3a:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2007-5757
2008-02-12 23:00:00
CVE-2008-0697
2008-02-12 00:00:00
prion
prion
Design/Logic Flaw
2008-02-13 00:00:00
Design/Logic Flaw
2008-02-12 01:00:00
cve
cve
CVE-2007-5757
2008-02-13 00:00:00
CVE-2008-0697
2008-02-12 01:00:00
seebug
seebug
IBM DB2数据库db2db本地权限提升漏洞
2008-02-14 00:00:00
securityvulns
securityvulns
nvd
nvd
CVE-2008-0697
2008-02-12 01:00:00
nessus
nessus
IBM DB2 < 8.1 Fix Pack 16 Multiple Vulnerabilities
2008-02-05 00:00:00
IBM DB2 < 9 Fix Pack 4 Multiple Vulnerabilities
2007-11-16 00:00:00
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2007-5757