Vulnerability Details : CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
Publish Date : 2009-12-28 Last Update Date : 2010-06-29

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	6.5
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Single system (The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access	User
Vulnerability Type(s)
CWE ID	264

- Products Affected By CVE-2009-4438

#	Product Type	Vendor	Product	Version	Update
1	Application	IBM	DB2	9.1	FP5	Version Details Vulnerabilities
2	Application	IBM	DB2	9.1	FP3	Version Details Vulnerabilities
3	Application	IBM	DB2	9.1	Fp6a	Version Details Vulnerabilities
4	Application	IBM	DB2	9.1	Fp3a	Version Details Vulnerabilities
5	Application	IBM	DB2	9.1	FP6	Version Details Vulnerabilities
6	Application	IBM	DB2	9.1	FP2	Version Details Vulnerabilities
7	Application	IBM	DB2	9.1	FP7	Version Details Vulnerabilities
8	Application	IBM	DB2	9.1	FP1	Version Details Vulnerabilities
9	Application	IBM	DB2	9.1	Fp4a	Version Details Vulnerabilities
10	Application	IBM	DB2	9.1	FP4	Version Details Vulnerabilities
11	Application	IBM	DB2	9.5	FP3	Version Details Vulnerabilities
12	Application	IBM	DB2	9.5	Fp2a	Version Details Vulnerabilities
13	Application	IBM	DB2	9.5	Fp3a	Version Details Vulnerabilities
14	Application	IBM	DB2	9.5	Fp4a	Version Details Vulnerabilities
15	Application	IBM	DB2	9.5	FP1	Version Details Vulnerabilities
16	Application	IBM	DB2	9.5	FP4	Version Details Vulnerabilities
17	Application	IBM	DB2	9.5	FP2	Version Details Vulnerabilities
18	Application	IBM	DB2	9.5	Fp3b	Version Details Vulnerabilities
19	Application	IBM	DB2	9.7		Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
IBM	DB2	19

- References For CVE-2009-4438

http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543
AIXAPAR IC62543

http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583
AIXAPAR IC62583

http://secunia.com/advisories/37759
SECUNIA 37759

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21293566 CONFIRM

http://www.securityfocus.com/bid/37332
BID 37332 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities Release Date:2009-12-15

http://www-01.ibm.com/support/docview.wss?uid=swg21412902 CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852
AIXAPAR IC64852

http://www.vupen.com/english/advisories/2009/3520
VUPEN ADV-2009-3520

- Metasploit Modules Related To CVE-2009-4438

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)