CVE-2007-5664

db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name	Vendor	Start Version	End Version
Db2_universal_database	Ibm	8 (including)	8 (including)
Db2_universal_database	Ibm	9.1 (including)	9.1 (including)
Db2_universal_database	Ibm	9.5 (including)	9.5 (including)

Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

https://cwe.mitre.org/data/definitions/132.html
https://cwe.mitre.org/data/definitions/17.html
https://cwe.mitre.org/data/definitions/35.html
https://cwe.mitre.org/data/definitions/76.html

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=688
http://secunia.com/advisories/29784
http://www.securityfocus.com/bid/27870
http://www.securitytracker.com/id?1019852
http://www.vupen.com/english/advisories/2008/1237/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41848

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5664
CWE	https://cwe.mitre.org/data/definitions/59.html

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References