Summary
This host is running IBM DB2 and is prone to privilege escalation vulnerability.
Impact
Successful exploitation will allow attacker to gain escalated privileges and cause a stack-based buffer overflow.
Impact Level: Application
Solution
Apply the appropriate fix from below link,
http://www-01.ibm.com/support/docview.wss?uid=swg21639355
Insight
The flaw is due to a boundary error within the setuid-set db2aud binary, which can be exploited to cause a stack-based buffer overflow.
Affected
IBM DB2 version 9.1.x,
IBM DB2 version 9.5.x before FP9,
IBM DB2 version 9.7.x before FP7,
IBM DB2 version 9.8.x before FP5 and
IBM DB2 version 10.1.x before FP1 on Linux
Detection
Get the installed version of IBM DB2 with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-3475 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
- Oracle Database Server listener Security Bypass Vulnerability
- IBM DB2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability (Linux)
- IBM DB2 Audit Facility Local Privilege Escalation Vulnerability (Linux)
- IBM DB2 UDB Multiple Unspecified Vulnerabilities (Linux)