fkie_cve-2009-3471
Vulnerability from fkie_nvd
Published
2009-09-29 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.
References
cve@mitre.orgftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
cve@mitre.orghttp://osvdb.org/58477
cve@mitre.orghttp://secunia.com/advisories/36890Vendor Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg1IC63548
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg21386689Vendor Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg21403619Vendor Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg21426108
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg21432298
cve@mitre.orghttp://www.securityfocus.com/bid/36540
af854a3a-2127-422b-91ae-364da2661108ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/58477
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36890Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21386689Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21403619Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21426108
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21432298
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36540
Impacted products
Vendor Product Version
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 8.0
ibm db2 9.1
ibm db2 9.1
ibm db2 9.1
ibm db2 9.1
ibm db2 9.1
ibm db2 9.1
ibm db2 9.1
ibm db2 9.5
ibm db2 9.5
ibm db2 9.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "DE35AE57-E7D6-4CD0-AE86-D414009C361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*",
              "matchCriteriaId": "FBE50207-5779-445A-B3E7-FA548242BD8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*",
              "matchCriteriaId": "940D9A1D-DD61-4C78-8ADC-434F78E5626B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*",
              "matchCriteriaId": "2185F942-DCEC-4EE4-840E-62C4C6F1D6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*",
              "matchCriteriaId": "333F67D2-27CC-4013-B3FA-63BF6F557269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*",
              "matchCriteriaId": "77D67C50-31B6-4058-9B4D-F06EF8D9B3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*",
              "matchCriteriaId": "5AA59598-F121-491D-BE8C-D7712A3D6E99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp16:*:*:*:*:*:*",
              "matchCriteriaId": "E0252A93-49D5-4C5E-B774-8400526CA813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp17:*:*:*:*:*:*",
              "matchCriteriaId": "4EC433D0-58E3-4744-BAB4-421BC5C3F04C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "72FA9A16-8AFD-4D93-95B4-EAB6E6030D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "BB299EAB-31AA-4BAA-B477-0F909A8418AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "6FD22E1E-F5BC-45D5-98F4-EDEE87D718F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*",
              "matchCriteriaId": "222C1B84-0C28-451F-BB02-4CB925263312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*",
              "matchCriteriaId": "08177181-660C-4BF4-9031-74EE89297CE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*",
              "matchCriteriaId": "0B5FF14E-2971-4F3F-AD25-D00B0FEDA08F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*",
              "matchCriteriaId": "19584860-5ADF-4647-AF39-88C236407FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*",
              "matchCriteriaId": "20FE296C-25D0-4689-BAA3-AFCA2C1CC388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "2AF419E7-F2B5-4E2A-B85D-C0EC6C1DEA4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "95BBA3F1-C276-4C30-BFE5-9CE212BEBEFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "4DF01163-F805-4FC8-9836-462034D1B5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "757E30FB-2EFB-4B3D-9931-17D584D433A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*",
              "matchCriteriaId": "47455B4A-6E10-417F-9974-B0AA7F3180FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*",
              "matchCriteriaId": "84156C5B-EFC6-4733-A868-C3C51CFBA7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*",
              "matchCriteriaId": "3D511307-1EBB-408B-BCDE-C6BEFCF154C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "58147402-53D5-4F15-862B-EE3DCCD75E2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "D3F3CB5E-D4FB-4C03-B108-06CC358B1F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "84C925CD-E753-401F-9EC0-6E3D9861C818",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions\u0027 definers, which has unspecified impact and remote attack vectors."
    },
    {
      "lang": "es",
      "value": "IBM DB2 v8 anterior a FP18, v9.1 anterior a FP8, y v9.5 anterior a FP4 no realiza los borrados esperados de ciertas funciones de tabla por una perdida de privilegios por las definiciones de las funciones, lo cual tiene un impacto no especificado y vectores de ataque a distancia."
    }
  ],
  "id": "CVE-2009-3471",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-29T21:30:00.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/58477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36890"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/58477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36540"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.