Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations | |||
---|---|---|---|
Name | CVE-2005-4868 | First vendor Publication | 2005-12-31 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | |||
---|---|---|---|
Overall CVSS Score | 7.1 | ||
Base Score | 7.1 | Environmental Score | 7.1 |
impact SubScore | 5.2 | Temporal Score | 7.1 |
Exploitabality Sub Score | 1.8 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | None | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4868 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-61 | Session Fixation |
CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
CAPEC-122 | Exploitation of Authorization |
CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10523 | IBM DB2 Everyone Group Arbitrary File Access DB2 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered in the Windows version when the 'Everyone' group is granted read and write access to certain DB2 resources, which could allow a malicious user to gain access to plaintext Windows user names and passwords from the 'DB2SHMSECURITYSERVICE' section resulting in a loss of confidentiality and/or integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-10-17 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_multiple_vulns.nasl - Type : ACT_DENIAL |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:21:18 |
|
2024-11-28 12:08:07 |
|
2024-02-16 17:28:19 |
|
2021-05-04 12:03:33 |
|
2021-04-22 01:03:50 |
|
2020-05-23 00:17:15 |
|
2017-08-17 09:22:19 |
|
2017-07-29 12:01:32 |
|
2016-10-18 12:01:53 |
|
2016-04-26 14:10:20 |
|
2014-02-17 10:34:09 |
|
2013-05-11 11:39:24 |
|