CVE-2005-4868 : Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, whic

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

Published 2005-12-31 05:00:00

Updated 2024-02-16 14:10:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2005-4868

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 7 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-4868

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H	1.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2005-4868

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2005-4868

http://marc.info/?l=bugtraq&m=110495402231836&w=2

'IBM DB2 Windows Permission Problems (#NISR05012005F)' - MARC
Mailing List
http://www-1.ibm.com/support/docview.wss?uid=swg21181228

IBM notice: The page you requested cannot be displayed
Broken Link

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/17605

IBM DB2 Everyone Group gain unauthorized access CVE-2005-4868 Vulnerability Report
Third Party Advisory;VDB Entry
http://www.nextgenss.com/advisories/db205012005F.txt

Not Applicable
http://secunia.com/advisories/12733/

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://www.securityfocus.com/bid/11402

Broken Link;Patch;Third Party Advisory;VDB Entry

Products affected by CVE-2005-4868

IBM » Db2 Universal Database » Version: 8.0
cpe:2.3:a:ibm:db2_universal_database:8.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Universal Database » Version: 7.1
cpe:2.3:a:ibm:db2_universal_database:7.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Universal Database » Version: 7.2
cpe:2.3:a:ibm:db2_universal_database:7.2:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
IBM » Db2 Universal Database » Version: 8.1
cpe:2.3:a:ibm:db2_universal_database:8.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

Vulnerability Details : CVE-2005-4868

Exploit prediction scoring system (EPSS) score for CVE-2005-4868

CVSS scores for CVE-2005-4868

CWE ids for CVE-2005-4868

References for CVE-2005-4868

Products affected by CVE-2005-4868