CVE-2007-1089

IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/24283	Patch
http://www-1.ibm.com/support/docview.wss?uid=swg1JR25941	Patch
http://www.attrition.org/pipermail/vim/2007-August/001765.html
http://www.vupen.com/english/advisories/2007/0721

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:linux:linux_kernel:2.6.18.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.1:::::::*
	cpe:2.3:o:microsoft:windows_xp::::::::

OR	cpe:2.3:a:ibm:db2_universal_database:::aix:::::*
	cpe:2.3:a:ibm:db2_universal_database:9.1:ga::::::

History

No history.

Information

Published : 2007-02-23 22:28

Updated : 2018-10-30 16:25

NVD link : CVE-2007-1089

Mitre link : CVE-2007-1089

CVE.ORG link : CVE-2007-1089

JSON object : View

Products Affected

ibm

db2_universal_database

linux

linux_kernel

microsoft

windows_xp

CWE

NVD-CWE-Other

{"id": "CVE-2007-1089", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-02-23T22:28:00.000", "references": [{"url": "http://secunia.com/advisories/24283", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR25941", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0721", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors."}, {"lang": "es", "value": "IBM DB2 Universal Database (UDB) 9.1 GA hasta 9.1 FP1 permite a usuarios locales con privilegios en la tabla SELECT realizar los comandos no autorizados SQL: UPDATE y DELETEa trav\u00e9s de vectores desconocidos."}], "lastModified": "2018-10-30T16:25:10.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7A252C50-D63A-4FC0-A51E-A63A939D6AA1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D08CBC56-C820-4513-ABEC-1ABB3EFC3A15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "338BB401-8831-4094-9186-2B3CFA5903D3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E32E6BA-AFEF-44A8-B230-87DD043BB222"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F69E575B-BD1A-4E50-8D6F-131D5E08058E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20F6269B-5F6B-4413-B14D-7AE5442E4CCD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "189D1246-F975-4411-A58B-343ED90485FD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B914F7F-C6BD-4527-B1E9-7FD1E337A18C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "179147E4-5247-451D-9409-545D661BC158"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6554469E-F6AE-4EB0-880E-CBFD196FEE31"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F99CFC1-DCCE-47B9-98EF-84AEDAECE02E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C20367B0-F722-4442-8B59-ABB0FEDB8CC8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86A98A70-51E3-4556-8DC4-DD09CF370D1A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6940324-0383-4510-BA55-770E0A6B80B7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E3313D5-52E8-49B3-B145-170D9A26DA43"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_universal_database:*:*:aix:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93775368-AD06-4B91-B783-EFEAC0C6697B", "versionEndIncluding": "9.1"}, {"criteria": "cpe:2.3:a:ibm:db2_universal_database:9.1:ga:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3422821-0C01-4502-AD99-0AFE73751B3F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10