Vulnerability Details : CVE-2009-4334
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
Vulnerability category: Denial of service
Products affected by CVE-2009-4334
- cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
Threat overview for CVE-2009-4334
Top countries where our scanners detected CVE-2009-4334
Top open port discovered on systems with this issue
523
IPs affected by CVE-2009-4334 41
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-4334!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-4334
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-4334
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2009-4334
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-4334
-
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
-
http://www.vupen.com/english/advisories/2009/3520
Vendor Advisory
-
http://secunia.com/advisories/37759
Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019
-
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
IBM notice: The page you requested cannot be displayedVendor Advisory
-
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
-
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Patch
-
http://www.securityfocus.com/bid/37332
-
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355
Jump to