IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability Network Vulnerability

Summary

The host is running IBM DB2 and is prone to security bypass vulnerability.

Impact

Successful exploitation allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. Impact Level: Application.

Solution

Upgrade to IBM DB2 version 9.1 FP10, 9.5 FP6a, 9.7 FP2 or later, http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053

Insight

The flaw is due to an error in the application while revoking 'DBADM' privileges. This does not restrict users from executing non-DDL statements.

Affected

IBM DB2 version 9.1 before FP10, IBM DB2 version 9.5 before FP6a and IBM DB2 version 9.7 before FP2

References

http://secunia.com/advisories/43148
http://xforce.iss.net/xforce/xfdb/65008
https://www-304.ibm.com/support/docview.wss?uid=swg1IC66814
https://www-304.ibm.com/support/docview.wss?uid=swg1IC66814&crawler=1

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-0757

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

MongoDB nativeHelper Denial of Service Vulnerability
Oracle MySQL Server Multiple Vulnerabilities-02 Nov12 (Windows)
IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Win)
IBM DB2 SYSIBMADM Multiple Vulnerabilities (Sep10)
Oracle MySQL Server Multiple Vulnerabilities-04 Nov12 (Windows)

Take action and discover your vulnerabilities