CVE-2009-4334

Sažetak

The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.

Reference

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
http://secunia.com/advisories/37759
http://www.securityfocus.com/bid/37332
http://www.vupen.com/english/advisories/2009/3520
http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
http://www-01.ibm.com/support/docview.wss?uid=swg21412902

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-06-2010 - 04:00

Objavljeno

16-12-2009 - 18:30