CVE-2007-1027

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:db2:9.0:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.0:*:unix:*:*:*:*:*

History

No history.

Information

Published : 2007-02-21 11:28

Updated : 2024-02-28 11:01


NVD link : CVE-2007-1027

Mitre link : CVE-2007-1027

CVE.ORG link : CVE-2007-1027


JSON object : View

Products Affected

ibm

  • db2
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')