Vulnerability Details CVE-2009-4326
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.2%
CVSS Severity
CVSS v2 Score 4.3
References
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
- http://secunia.com/advisories/37759
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872
- http://www-01.ibm.com/support/docview.wss?uid=swg21293566
- http://www-01.ibm.com/support/docview.wss?uid=swg21412902
- http://www.securityfocus.com/bid/37332
- http://www.vupen.com/english/advisories/2009/3520
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
- http://secunia.com/advisories/37759
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872
- http://www-01.ibm.com/support/docview.wss?uid=swg21293566
- http://www-01.ibm.com/support/docview.wss?uid=swg21412902
- http://www.securityfocus.com/bid/37332
- http://www.vupen.com/english/advisories/2009/3520