Vulnerability Description
The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 Universal Database | <= 8 |
Related Weaknesses (CWE)
References
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APA
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APA
- http://secunia.com/advisories/29784Vendor Advisory
- http://secunia.com/advisories/31787Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ19155Patch
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20350
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ20352Patch
- http://www-1.ibm.com/support/docview.wss?uid=swg21255607Patch
- http://www.securityfocus.com/bid/29601Patch
- http://www.securityfocus.com/bid/31058
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45140
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APA
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APA
- http://secunia.com/advisories/29784Vendor Advisory
- http://secunia.com/advisories/31787Vendor Advisory
FAQ
What is CVE-2008-3856?
CVE-2008-3856 is a vulnerability with a CVSS score of 7.5 (HIGH). The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and at...
How severe is CVE-2008-3856?
CVE-2008-3856 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3856?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2 Universal Database.