Description
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Chris Anley · textlocalwindows
https://www.exploit-db.com/exploits/24678
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110495402231836&w=2
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11402
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17605
Not Applicable x_refsource_misc
http://www.nextgenss.com/advisories/db205012005F.txt
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12733/
Broken Link x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?uid=swg21181228
Scores
CVSS v3
7.1
EPSS
0.0014
EPSS Percentile
32.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-732
Status
published
Products (4)
ibm/db2_universal_database
7.1
ibm/db2_universal_database
7.2
ibm/db2_universal_database
8.0
ibm/db2_universal_database
8.1
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026