Summary
This host is running IBM DB2 and is prone to a privilege escalation vulnerability.
Impact
Successful exploitation will allow an attacker to gain escalated privileges and bypass certain security restrictions.
Impact Level: Application
Solution
Apply the appropriate fix from the link below:
http://www-01.ibm.com/support/docview.wss?uid=swg21646809
Insight
The flaw is due to the program failing to limit users with the EXPLAIN authority, which potentially allows a remote attacker to execute SELECT, INSERT, UPDATE or DELETE DML statements with elevated privileges.
Affected
IBM DB2 versions 9.8 through FP5 on Linux.
Detection
Get the installed version of IBM DB2 with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2013-4033
CVSS Base Score: 4.6
AV:N/AC:H/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- MongoDB nativeHelper Denial of Service Vulnerability
- IBM solidDB 'SELECT' Statement Denial Of Service Vulnerability
- IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Win)
- IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Linux)
- MySQL Unspecified vulnerabilities-02 July-2013 (Windows)