CVE-2005-4868

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=swg21181228
http://www.nextgenss.com/advisories/db205012005F.txt
http://www.securityfocus.com/bid/11402	Patch
http://secunia.com/advisories/12733/	Vendor Advisory
http://marc.info/?l=bugtraq&m=110495402231836&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17605

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2_universal_database:7.1::windows:::::
	cpe:2.3:a:ibm:db2_universal_database:7.2::windows:::::
	cpe:2.3:a:ibm:db2_universal_database:8.0::windows:::::
	cpe:2.3:a:ibm:db2_universal_database:8.1::windows:::::

Information

Published : 2005-12-30 21:00

Updated : 2017-08-16 18:29

NVD link : CVE-2005-4868

Mitre link : CVE-2005-4868

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

Products Affected

ibm

db2_universal_database

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21181228", "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21181228", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.nextgenss.com/advisories/db205012005F.txt", "name": "http://www.nextgenss.com/advisories/db205012005F.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/11402", "name": "11402", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/12733/", "name": "12733", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=110495402231836&w=2", "name": "20050105 IBM DB2 Windows Permission Problems (#NISR05012005F)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17605", "name": "db2-everyone-gain-access(17605)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-4868", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2_universal_database:7.1:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_universal_database:7.2:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_universal_database:8.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2_universal_database:8.1:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:29Z"}