CVE-2009-4326

EUVD-2009-4294
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
ibmdb2
9.5
ibmdb2
9.5:fp1
ibmdb2
9.5:fp2
ibmdb2
9.5:fp2a
ibmdb2
9.5:fp3
ibmdb2
9.5:fp3a
ibmdb2
9.5:fp3b
ibmdb2
9.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
http://secunia.com/advisories/37759
http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
http://www.securityfocus.com/bid/37332
http://www.vupen.com/english/advisories/2009/3520
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
http://secunia.com/advisories/37759
http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
http://www.securityfocus.com/bid/37332
http://www.vupen.com/english/advisories/2009/3520