CVE-2007-5664
iDEFENSE Security Advisory 2008-04-09.4
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.
db2dasrrm en DB2 Administration Server (DAS) de IBM DB2 Universal Database 9.5 anterior al Fix Pack 1, 9.1 anterior al Fix Pack 4a, y 8 anterior al FixPak 16, permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlace simbólico sobre archivos usados para su inicialización.
Local exploitation of a file creation vulnerability in the Administration Server of IBM Corp.'s DB2 Universal Database allows attackers to elevate privileges to root. This vulnerability exists due to unsafe file access from within the db2dasrrm program. When a user starts the DAS, the "db2dasrrm" process is started with root privileges. As part of the initialization, the "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" files are created with root privileges. By removing and re-creating these files as symbolic links, an attacker can create arbitrary files as root. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 release with Fix Pack 3 installed on Linux. Other versions are also suspected to be vulnerable.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-23 CVE Reserved
- 2008-04-16 CVE Published
- 2024-08-07 CVE Updated
- 2025-06-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=688 | Third Party Advisory | |
| http://www.securitytracker.com/id?1019852 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1237/references | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41848 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29784 | 2017-07-29 | |
| http://www.securityfocus.com/bid/27870 | 2017-07-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Db2 Universal Database Search vendor "Ibm" for product "Db2 Universal Database" | 8 Search vendor "Ibm" for product "Db2 Universal Database" and version "8" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Universal Database Search vendor "Ibm" for product "Db2 Universal Database" | 9.1 Search vendor "Ibm" for product "Db2 Universal Database" and version "9.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Universal Database Search vendor "Ibm" for product "Db2 Universal Database" | 9.5 Search vendor "Ibm" for product "Db2 Universal Database" and version "9.5" | - |
Affected
| ||||||