CVE-2018-1780
https://notcve.org/view.php?id=CVE-2018-1780
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un propietario local de instancias db2 obtenga acceso root explotando un ataque de enlace simbólico para leer/escribir/corromper un archivo al que no se tenía permiso de acceso originalmente. IBM X-Force ID: 148803. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 http://www.securityfocus.com/bid/105885 http://www.securitytracker.com/id/1042086 https://exchange.xforce.ibmcloud.com/vulnerabilities/148803 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2018-1781
https://notcve.org/view.php?id=CVE-2018-1781
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un usuario local obtenga acceso root explotando un ataque de enlace simbólico para leer/escribir/corromper un archivo al que no se tenía permiso de acceso originalmente. IBM X-Force ID: 148804. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 http://www.securityfocus.com/bid/105885 http://www.securitytracker.com/id/1042086 https://exchange.xforce.ibmcloud.com/vulnerabilities/148804 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2018-1799
https://notcve.org/view.php?id=CVE-2018-1799
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un usuario local no privilegiado sobrescriba archivos en el sistema, lo que podría provocar daños en la base de datos. IBM X-Force ID: 149429. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 http://www.securityfocus.com/bid/105885 http://www.securitytracker.com/id/1042086 https://exchange.xforce.ibmcloud.com/vulnerabilities/149429 •
CVE-2018-1802
https://notcve.org/view.php?id=CVE-2018-1802
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640. En IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1, los binarios cargaban librerías compartidas de una ruta no fiable, dando a un usuario de bajos privilegios acceso total a la cuenta de la instancia DB2 cargando una librería compartida maliciosa. IBM X-Force ID: 149640. • http://www.ibm.com/support/docview.wss?uid=ibm10733122 http://www.securityfocus.com/bid/105962 http://www.securitytracker.com/id/1042082 https://exchange.xforce.ibmcloud.com/vulnerabilities/149640 • CWE-426: Untrusted Search Path •
CVE-2018-1857
https://notcve.org/view.php?id=CVE-2018-1857
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 11.1 podría permitir que un usuario omita el control FGAC y obtenga acceso a datos que no deberían ser visibles. IBM X-Force ID: 151155. • http://www.ibm.com/support/docview.wss?uid=ibm10734059 http://www.securityfocus.com/bid/105883 http://www.securitytracker.com/id/1042176 https://exchange.xforce.ibmcloud.com/vulnerabilities/151155 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •