CVE-2005-4868
7.1
CVSS Score
High
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Link copied!
Description
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
CVSS Vector Details
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Affected Software Configurations
- a ibm db2_universal_database 7.1 * * * * * * *
- a ibm db2_universal_database 7.2 * * * * * * *
- a ibm db2_universal_database 8.0 * * * * * * *
- a ibm db2_universal_database 8.1 * * * * * * *
- o microsoft windows - * * * * * * *
Weaknesses (CWE)
- CWE-732
References & External Links
- http://marc.info/?l=bugtraq&m=110495402231836&w=2
- http://secunia.com/advisories/12733/
- http://www-1.ibm.com/support/docview.wss?uid=swg21181228
- http://www.nextgenss.com/advisories/db205012005F.txt
- http://www.securityfocus.com/bid/11402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17605
- http://marc.info/?l=bugtraq&m=110495402231836&w=2
- http://secunia.com/advisories/12733/
- http://www-1.ibm.com/support/docview.wss?uid=swg21181228
- http://www.nextgenss.com/advisories/db205012005F.txt
- http://www.securityfocus.com/bid/11402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17605
External Resources
CVE History Timeline
Oct 09, 2007 20:57
Initial Analysis
Oct 18, 2016 03:38
CVE Modified
Jul 29, 2017 01:29
CVE Modified
Aug 17, 2017 01:29
CVE Modified
Feb 16, 2024 14:10
Modified Analysis
May 14, 2024 01:33
CVE Modified
Nov 21, 2024 00:05
CVE Modified