Information Disclosure in IBM DB2 Base Service Utilities Component
CVE-2008-3857

Currently unrated

Key Information:

Vendor: IBM
Status: Db2 Universal Database
Vendor: CVE Published:; 28 August 2008

Summary

The Base Service Utilities component in IBM DB2 9.1 prior to Fixpak 5 contains a vulnerability where it retains a cleartext password in memory after establishing the database connection. This may allow local users to exploit the system by reading memory dumps, potentially granting them access to sensitive authentication information.

References

http://www-1.ibm.com/support/docview.wss?uid=swg21255607

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/45139

vdb-entryx_refsource_XF

http://www-1.ibm.com/support/docview.wss?uid=swg1JR27422

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Aug 28, 2008
Vulnerability Reserved
Aug 28, 2008