CVE-2009-4334
First published: Wed Dec 16 2009(Updated: )
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DB2 Universal Database | =9.1-fp4 | |
| IBM DB2 Universal Database | =9.5 | |
| IBM DB2 Universal Database | =9.1-fp6a | |
| IBM DB2 Universal Database | =9.1-fp1 | |
| IBM DB2 Universal Database | =9.1 | |
| IBM DB2 Universal Database | =9.1-fp5 | |
| IBM DB2 Universal Database | =9.5-fp1 | |
| IBM DB2 Universal Database | =9.1-fp3 | |
| IBM DB2 Universal Database | =9.1-fp3a | |
| IBM DB2 Universal Database | =9.5-fp2a | |
| IBM DB2 Universal Database | =9.1-fp6 | |
| IBM DB2 Universal Database | =9.1-fp2 | |
| IBM DB2 Universal Database | =9.1-fp4a | |
| IBM DB2 Universal Database | =9.5-fp3b | |
| IBM DB2 Universal Database | =9.5-fp2 | |
| IBM DB2 Universal Database | =9.7 | |
| IBM DB2 Universal Database | =9.1-fp7 | |
| IBM DB2 Universal Database | =9.5-fp3 | |
| IBM DB2 Universal Database | =9.5-fp3a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019
- http://secunia.com/advisories/37759
- http://www-01.ibm.com/support/docview.wss?uid=swg21412902
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106
- http://www.securityfocus.com/bid/37332
- http://www.vupen.com/english/advisories/2009/3520
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355
- http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Frequently Asked Questions
What is the severity of CVE-2009-4334?
CVE-2009-4334 is rated as a medium severity vulnerability due to the potential denial of service and unauthorized access risks it poses.
How do I fix CVE-2009-4334?
To fix CVE-2009-4334, update IBM DB2 to versions 9.1 FP8, 9.5 FP5, or 9.7 FP1 or later.
What versions of IBM DB2 are affected by CVE-2009-4334?
CVE-2009-4334 affects IBM DB2 versions 9.1 up to FP7, 9.5 up to FP4, and 9.7 up to FP1.
What impact does CVE-2009-4334 have on IBM DB2 users?
CVE-2009-4334 can allow local users to write to the STMM log file, potentially leading to a denial of service.
Where can I find more information about CVE-2009-4334?
Detailed information regarding CVE-2009-4334 can typically be found in security advisories and IBM’s official documentation.
- agent/references
- agent/type
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm db2 universal database
- version/ibm db2 universal database/9.1-fp4
- version/ibm db2 universal database/9.5
- version/ibm db2 universal database/9.1-fp6a
- version/ibm db2 universal database/9.1-fp1
- version/ibm db2 universal database/9.1
- version/ibm db2 universal database/9.1-fp5
- version/ibm db2 universal database/9.5-fp1
- version/ibm db2 universal database/9.1-fp3
- version/ibm db2 universal database/9.1-fp3a
- version/ibm db2 universal database/9.5-fp2a
- version/ibm db2 universal database/9.1-fp6
- version/ibm db2 universal database/9.1-fp2
- version/ibm db2 universal database/9.1-fp4a
- version/ibm db2 universal database/9.5-fp3b
- version/ibm db2 universal database/9.5-fp2
- version/ibm db2 universal database/9.7
- version/ibm db2 universal database/9.1-fp7
- version/ibm db2 universal database/9.5-fp3
- version/ibm db2 universal database/9.5-fp3a