CVE-2009-4438 Information
Description
The Query Compiler Rewrite and Optimizer component in IBM DB2 9.1 before FP8 9.5 before FP5 and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object which allows remote authenticated users to make use of data via unspecified vectors.
Reference
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/37759 http://www.securityfocus.com/bid/37332 http://www.vupen.com/english/advisories/2009/3520 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583 http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Share on: