CVE-2011-4061

Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
ibmdb2
9.7
ibmtivoli_monitoring_for_databases
*
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
db2exc
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
dne
raring
dne
quantal
dne
precise
ignored
oneiric
dne
natty
dne
lucid
ignored
hardy
ignored
References
http://securityreason.com/securityalert/8476
http://www.nth-dimension.org.uk/downloads.php?id=77
http://www.nth-dimension.org.uk/downloads.php?id=83
http://www.securityfocus.com/archive/1/518659
http://www.securityfocus.com/bid/48514
http://www.securityfocus.com/bid/51181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063
http://securityreason.com/securityalert/8476
http://www.nth-dimension.org.uk/downloads.php?id=77
http://www.nth-dimension.org.uk/downloads.php?id=83
http://www.securityfocus.com/archive/1/518659
http://www.securityfocus.com/bid/48514
http://www.securityfocus.com/bid/51181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063