Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00052.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Ibm Subscribe
Db2 Universal Database Subscribe

Configuration 1 [-]

OR cpe:2.3:a:ibm:db2_universal_database:*:fp14:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:*:*:fp2:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2007-4254 Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=579 cve-icon cve-icon
http://secunia.com/advisories/26471 cve-icon cve-icon
http://securitytracker.com/id?1018581 cve-icon cve-icon
http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210 cve-icon cve-icon
http://www-1.ibm.com/support/docview.wss?uid=swg1IY99261 cve-icon cve-icon
http://www-1.ibm.com/support/docview.wss?uid=swg21255352 cve-icon cve-icon
http://www-1.ibm.com/support/docview.wss?uid=swg21255607 cve-icon cve-icon
http://www.attrition.org/pipermail/vim/2007-August/001765.html cve-icon cve-icon
http://www.securityfocus.com/bid/25339 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/2912 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T14:46:39.432Z

Reserved: 2007-08-09T00:00:00

Link: CVE-2007-4271

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2007-08-18T21:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4271

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses