CVE-2007-1027 — Link Following in IBM DB2

CWE-59 — Link Following3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 85.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedFeb 21

Latest updateMay 1

Description

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/db29.0

🔴Vulnerability Details

GHSA

GHSA-737q-974q-j2p4: Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on t↗2022-05-01

▶

CVEList

CVE-2007-1027: Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on t↗2007-02-21

▶