File Overwrite Vulnerability in IBM DB2 Universal Database
CVE-2007-5664

Currently unrated

Key Information:

Vendor: IBM
Status: Db2 Universal Database
Vendor: CVE Published:; 16 April 2008

Summary

The local users of IBM DB2 Universal Database can exploit a vulnerability in the DB2 Administration Server to overwrite arbitrary files. This is achieved through a symlink attack targeting files that are integral for the initialization process. Affected versions include DB2 9.5 prior to Fix Pack 1, DB2 9.1 prior to Fix Pack 4a, and DB2 8 prior to FixPak 16, highlighting the importance of system updates to mitigate risk.

References

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www.securitytracker.com/id?1019852

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/29784

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 16, 2008
Vulnerability Reserved
Oct 23, 2007