CyberSec.Space Logo
Back to CVE Browser

CVE-2011-4061

MEDIUM
6.9
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile11.74th
PublishedOct 18, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.

Affected Platforms (CPE)

πŸ“¦
Ibm

Db2

= 9.7
πŸ“¦
Ibm

Tivoli Monitoring For Databases

All versions

References & Advisories

πŸ”— http://securityreason.com/securityalert/8476
πŸ”— http://www.nth-dimension.org.uk/downloads.php?id=77
πŸ”— http://www.nth-dimension.org.uk/downloads.php?id=83
πŸ”— http://www.securityfocus.com/archive/1/518659
πŸ”— http://www.securityfocus.com/bid/48514
πŸ”— http://www.securityfocus.com/bid/51181
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063
πŸ”— http://securityreason.com/securityalert/8476

Related Vulnerabilities

CVE-2007-258210.0

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) ...

CVE-2005-486510.0

Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

CVE-2005-041710.0

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to t...

CVE-2007-605110.0

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has un...