CVEブラウザに戻る

CVE-2011-4061

MEDIUM

6.9

CVSS Severity Score

EPSS Score0.0810%

EPSS Percentile11.74th

Published2011年10月18日

Last Modified2026年4月29日

Vulnerability Description

Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.

Affected Platforms (CPE)

📦

Ibm

Db2

= 9.7

📦

Ibm

Tivoli Monitoring For Databases

All versions

References & Advisories

🔗 http://securityreason.com/securityalert/8476

🔗 http://www.nth-dimension.org.uk/downloads.php?id=77

🔗 http://www.nth-dimension.org.uk/downloads.php?id=83

🔗 http://www.securityfocus.com/archive/1/518659

🔗 http://www.securityfocus.com/bid/48514

🔗 http://www.securityfocus.com/bid/51181

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063

🔗 http://securityreason.com/securityalert/8476

関連する脆弱性情報

CVE-2007-258210.0

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) ...

CVE-2005-486510.0

Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

CVE-2005-041710.0

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to t...

CVE-2007-605110.0

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has un...