CVE-2007-5757

CWE-2643 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 81.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Universal Database

Timeline

PublishedFeb 13

Latest updateMay 3

Description

Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/db2_universal_database8.0+1

Patches

Patch: labs.idefense.com ↗Patch: labs.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-f3hj-cxhf-cvrg: Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain↗2022-05-03

▶

CVEList

CVE-2007-5757: Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain↗2008-02-12

▶