CVE-2007-5757
Severity CVSS v4.0: Pending analysis
Type: CWE-264 Permissions, Privileges, and Access Control
Publication date: 13/02/2008
Last modified: 09/04/2025
Description
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.
Impact
Base Score 2.0: 6.90
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ibm:db2_universal_database:*:fixpak_15:*:*:*:*:*:* | 8.0 (including) | |
cpe:2.3:a:ibm:db2_universal_database:9.0:fixpak_3a:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=653
- http://securitytracker.com/id?1019319=
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03546