CVE-2007-4272

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm).

Múltiples vulnerabilidades en IBM DB2 UDB 8 anterior a Fixpak 15 y 9.1 anterior a Fixpak 3 permite a usuarios locales crear ficheros de su elección mediante (1) vectores no especificados donde una umask del atacantes es aceptada, (2) /etc/ld.so.preload, (3) ciertas "localizaciones de ficheros de datos del cron", y otros vectores no especificados que posiblemente implican las variables de entorno (4) OSSEMEMDBG o (5) TRC_LOG_FILE en db2licd (db2licm).

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-08-09 CVE Reserved
2007-08-18 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=580	Third Party Advisory
http://securitytracker.com/id?1018581	Vdb Entry
http://www.attrition.org/pipermail/vim/2007-August/001765.html	Mailing List
http://www.securityfocus.com/bid/25339	Vdb Entry
http://www.vupen.com/english/advisories/2007/2912	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/36104	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/26471	2017-07-29
http://www-1.ibm.com/support/docview.wss?uid=swg21255352	2017-07-29
http://www-1.ibm.com/support/docview.wss?uid=swg21255607	2017-07-29

URL	Date	SRC
http://www-1.ibm.com/support/docview.wss?uid=swg1IY98011	2017-07-29
http://www-1.ibm.com/support/docview.wss?uid=swg1IY98101	2017-07-29
http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210	2017-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Db2 Universal Database Search vendor "Ibm" for product "Db2 Universal Database"				<= 8.0 Search vendor "Ibm" for product "Db2 Universal Database" and version " <= 8.0"		fp14		Affected
Ibm Search vendor "Ibm"		Db2 Universal Database Search vendor "Ibm" for product "Db2 Universal Database"				<= 9.1 Search vendor "Ibm" for product "Db2 Universal Database" and version " <= 9.1"		fp2		Affected