Summary
The host is running IBM DB2 and is prone to a security bypass vulnerability.
Impact
Successful exploitation allows remote authenticated users whose DBADM authority has been revoked to keep executing non-DDL statements by leveraging their previous possession of that authority.
Impact Level: Application.
Solution
Upgrade to IBM DB2 version 9.1 FP10, 9.5 FP6a, 9.7 FP2 or later. See http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaw is due to an error in the application when revoking 'DBADM' privileges: the revocation does not restrict the affected user from executing non-DDL statements.
Affected
IBM DB2 version 9.1 before FP10
IBM DB2 version 9.5 before FP6a
IBM DB2 version 9.7 before FP2
References
CVE-2011-0757
Severity
CVSS Base Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
- Oracle MySQL Multiple Unspecified vulnerabilities-03 July14 (Windows)
- Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
- IBM DB2 XSLT Library Denial of Service Vulnerability
- IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Linux)