CVE-2007-4270 - Vulnerability Details - OpenCVE

Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2 Universal Database

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2_universal_database::fp14::::::*
	cpe:2.3:a:ibm:db2_universal_database:::fp2:::::*

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578
http://secunia.com/advisories/26471
http://securitytracker.com/id?1018581
http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210
http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261
http://www-1.ibm.com/support/docview.wss?uid=swg21255352
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.attrition.org/pipermail/vim/2007-August/001765.html
http://www.securityfocus.com/bid/25339
http://www.vupen.com/english/advisories/2007/2912
https://exchange.xforce.ibmcloud.com/vulnerabilities/36069

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-18T21:00:00

Updated: 2024-08-07T14:46:39.528Z

Reserved: 2007-08-09T00:00:00

Link: CVE-2007-4270

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-08-18T21:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4270

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"name": "20070818 Recent DB2 Vulnerabilities", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"name": "ADV-2007-2912", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"name": "20070816 IBM DB2 Universal Database Multiple Race Condition Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578"}, {"name": "IY98210", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210"}, {"name": "25339", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25339"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255352"}, {"name": "1018581", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018581"}, {"name": "26471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26471"}, {"name": "IY99261", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261"}, {"name": "db2-binaries-symlink(36069)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36069"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4270", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"name": "20070818 Recent DB2 Vulnerabilities", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"name": "ADV-2007-2912", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"name": "20070816 IBM DB2 Universal Database Multiple Race Condition Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578"}, {"name": "IY98210", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210"}, {"name": "25339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25339"}, {"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255352", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255352"}, {"name": "1018581", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018581"}, {"name": "26471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26471"}, {"name": "IY99261", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261"}, {"name": "db2-binaries-symlink(36069)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36069"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.528Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"name": "20070818 Recent DB2 Vulnerabilities", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"name": "ADV-2007-2912", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"name": "20070816 IBM DB2 Universal Database Multiple Race Condition Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578"}, {"name": "IY98210", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210"}, {"name": "25339", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25339"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255352"}, {"name": "1018581", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018581"}, {"name": "26471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26471"}, {"name": "IY99261", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261"}, {"name": "db2-binaries-symlink(36069)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36069"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4270", "datePublished": "2007-08-18T21:00:00", "dateReserved": "2007-08-09T00:00:00", "dateUpdated": "2024-08-07T14:46:39.528Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_universal_database:*:fp14:*:*:*:*:*:*", "matchCriteriaId": "A896A825-6BBF-46A4-992D-F80CC0A93D5C", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:*:*:fp2:*:*:*:*:*", "matchCriteriaId": "AD1AACA4-8B6E-4DC7-A63D-7F6D1D1C7575", "versionEndIncluding": "9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files."}, {"lang": "es", "value": "M\u00faltiples condiciones de carrera en IBM DB2 UDB 8 anterior a Fixpak 15 y 9.1 anterior a Fixpak 3 permite a usuarios locales obtener privilegios de root mediante ataque de enlace simb\u00f3lico en ciertos ficheros."}], "id": "CVE-2007-4270", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-18T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26471"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018581"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255352"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25339"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36069"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255352"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2912"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36069"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}