Summary
IBM DB2 is installed on the host and is prone to unspecified vulnerabilities.
Impact
Successful exploitation will allow an attacker to bypass security restrictions.
Impact Level: System/Application
Solution
Update to IBM DB2 8.2 FP18, 9.1 FP8, 9.5 FP5, or 9.7 FP1: http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
Insight
The flaw is due to an error in the client interfaces component. The component does not validate an unspecified pointer, which allows attackers to overwrite external memory via unknown vectors.
Affected
IBM DB2 version 8.2 prior to FP18
IBM DB2 version 9.1 prior to FP8
IBM DB2 version 9.5 prior to FP5
IBM DB2 version 9.7 prior to FP1
References
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
- ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-4325
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P