CVE-2003-0898 - IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite a

CVE-2003-0898

Summary

IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.

References

Vulnerable Configurations

cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*

CVSS

Base:	4.6 (as of 18-10-2016 - 02:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20030805 Local Vulnerability in IBM DB2 7.1 db2job binary
confirm	ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt

Last major update

18-10-2016 - 02:38

Published

17-11-2003 - 05:00

Last modified

18-10-2016 - 02:38