CVE-2009-4334

The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*

History

21 Nov 2024, 01:09

Type Values Removed Values Added
References () ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT - () ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT -
References () ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT - () ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT -
References () ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT - () ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT -
References () http://secunia.com/advisories/37759 - Vendor Advisory () http://secunia.com/advisories/37759 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019 - () http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106 - () http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355 - () http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21293566 - Patch () http://www-01.ibm.com/support/docview.wss?uid=swg21293566 - Patch
References () http://www-01.ibm.com/support/docview.wss?uid=swg21412902 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21412902 - Vendor Advisory
References () http://www.securityfocus.com/bid/37332 - () http://www.securityfocus.com/bid/37332 -
References () http://www.vupen.com/english/advisories/2009/3520 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/3520 - Vendor Advisory

Information

Published : 2009-12-16 18:30

Updated : 2024-11-21 01:09


NVD link : CVE-2009-4334

Mitre link : CVE-2009-4334

CVE.ORG link : CVE-2009-4334


JSON object : View

Products Affected

ibm

  • db2
CWE
CWE-264

Permissions, Privileges, and Access Controls