CVE-2008-1998

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/29022	Third Party Advisory
http://secunia.com/advisories/29784	Third Party Advisory
http://securityreason.com/securityalert/3840	Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776	Vendor Advisory
http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml	Third Party Advisory
http://www.securityfocus.com/archive/1/491073/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28836	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41960	Third Party Advisory VDB Entry
http://secunia.com/advisories/29022	Third Party Advisory
http://secunia.com/advisories/29784	Third Party Advisory
http://securityreason.com/securityalert/3840	Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776	Vendor Advisory
http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml	Third Party Advisory
http://www.securityfocus.com/archive/1/491073/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28836	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41960	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:db2:8.0:fp1::::::
	cpe:2.3:a:ibm:db2:8.0:fp10::::::
	cpe:2.3:a:ibm:db2:8.0:fp11::::::
	cpe:2.3:a:ibm:db2:8.0:fp12::::::
	cpe:2.3:a:ibm:db2:8.0:fp13::::::
	cpe:2.3:a:ibm:db2:8.0:fp14::::::
	cpe:2.3:a:ibm:db2:8.0:fp15::::::
	cpe:2.3:a:ibm:db2:8.0:fp2::::::
	cpe:2.3:a:ibm:db2:8.0:fp3::::::
	cpe:2.3:a:ibm:db2:8.0:fp4::::::
	cpe:2.3:a:ibm:db2:8.0:fp5::::::
	cpe:2.3:a:ibm:db2:8.0:fp6::::::
	cpe:2.3:a:ibm:db2:8.0:fp6a::::::
	cpe:2.3:a:ibm:db2:8.0:fp6b::::::
	cpe:2.3:a:ibm:db2:8.0:fp6c::::::
	cpe:2.3:a:ibm:db2:8.0:fp7::::::
	cpe:2.3:a:ibm:db2:8.0:fp7a::::::
	cpe:2.3:a:ibm:db2:8.0:fp7b::::::
	cpe:2.3:a:ibm:db2:8.0:fp8::::::
	cpe:2.3:a:ibm:db2:8.0:fp8a::::::
	cpe:2.3:a:ibm:db2:8.0:fp9::::::
	cpe:2.3:a:ibm:db2:8.0:fp9a::::::
	cpe:2.3:a:ibm:db2:9.1:fp1::::::
	cpe:2.3:a:ibm:db2:9.1:fp2::::::
	cpe:2.3:a:ibm:db2:9.1:fp3::::::
	cpe:2.3:a:ibm:db2:9.1:fp3a::::::
	cpe:2.3:a:ibm:db2:9.1:fp4::::::
	cpe:2.3:a:ibm:db2:9.5:::::::*

History

21 Nov 2024, 00:45

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/29022 - Third Party Advisory~~	() http://secunia.com/advisories/29022 - Third Party Advisory
References	~~() http://secunia.com/advisories/29784 - Third Party Advisory~~	() http://secunia.com/advisories/29784 - Third Party Advisory
References	~~() http://securityreason.com/securityalert/3840 - Third Party Advisory~~	() http://securityreason.com/securityalert/3840 - Third Party Advisory
References	~~() http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976 - Vendor Advisory~~	() http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06976 - Vendor Advisory
References	~~() http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977 - Vendor Advisory~~	() http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06977 - Vendor Advisory
References	~~() http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776 - Vendor Advisory~~	() http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776 - Vendor Advisory
References	~~() http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml - Third Party Advisory~~	() http://www.appsecinc.com/resources/alerts/db2/2008-03.shtml - Third Party Advisory
References	~~() http://www.securityfocus.com/archive/1/491073/100/0/threaded - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/archive/1/491073/100/0/threaded - Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/28836 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/28836 - Third Party Advisory, VDB Entry
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/41960 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/41960 - Third Party Advisory, VDB Entry

Information

Published : 2008-04-28 20:05

Updated : 2024-11-21 00:45

NVD link : CVE-2008-1998

Mitre link : CVE-2008-1998

CVE.ORG link : CVE-2008-1998

JSON object : View

Products Affected

ibm

microsoft

windows

CWE

CWE-264

Permissions, Privileges, and Access Controls

8.5 /10