Multiple File Creation Vulnerabilities in IBM DB2 UDB
CVE-2007-4272

Currently unrated

Key Information:

Vendor

IBM
Status
Db2 Universal Database
Vendor
CVE Published:
18 August 2007

What is CVE-2007-4272?

IBM DB2 UDB versions prior to Fixpak 15 for 8 and prior to Fixpak 3 for 9.1 are susceptible to multiple file creation vulnerabilities. Local users can exploit these flaws to create arbitrary files through various methods, including utilizing an attacker's umask, accessing specific cron data file locations, exploiting the /etc/ld.so.preload file, and manipulating environment variables such as OSSEMEMDBG and TRC_LOG_FILE in the db2licd and db2licm utilities. This poses a security risk, as it may allow unwanted modifications to the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www-1.ibm.com/support/docview.wss?uid=swg21255607
x_refsource_CONFIRM
http://www.attrition.org/pipermail/vim/2007-August/001765...
mailing-listx_refsource_VIM
http://www.vupen.com/english/advisories/2007/2912
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.