CVE-2005-4868

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:db2_universal_database:7.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

16 Feb 2024, 14:10

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=110495402231836&w=2 - () http://marc.info/?l=bugtraq&m=110495402231836&w=2 - Mailing List
References () http://secunia.com/advisories/12733/ - Vendor Advisory () http://secunia.com/advisories/12733/ - Broken Link, Vendor Advisory
References () http://www-1.ibm.com/support/docview.wss?uid=swg21181228 - () http://www-1.ibm.com/support/docview.wss?uid=swg21181228 - Broken Link
References () http://www.nextgenss.com/advisories/db205012005F.txt - () http://www.nextgenss.com/advisories/db205012005F.txt - Not Applicable
References () http://www.securityfocus.com/bid/11402 - Patch () http://www.securityfocus.com/bid/11402 - Broken Link, Patch, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17605 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17605 - Third Party Advisory, VDB Entry
CWE CWE-200 CWE-732
First Time Microsoft windows
Microsoft
CPE cpe:2.3:a:ibm:db2_universal_database:8.0:*:windows:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.2:*:windows:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.1:*:windows:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.1:*:windows:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:7.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.0:*:*:*:*:*:*:*
CVSS v2 : 2.1
v3 : unknown
v2 : 2.1
v3 : 7.1

Information

Published : 2005-12-31 05:00

Updated : 2024-02-16 14:10


NVD link : CVE-2005-4868

Mitre link : CVE-2005-4868

CVE.ORG link : CVE-2005-4868


JSON object : View

Products Affected

ibm

  • db2_universal_database

microsoft

  • windows
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource