Summary
The host is installed with IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to bypass security restrictions, cause a denial of service and some are having unknown impact.
Impact Level: System/Application
Solution
Update IBM DB2 9.5 FP 5 or 9.7 FP 1,
http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
Insight
The flaws are due to:
- An unspecified error in RAND scalar function in the common code infrastructure component when the Database Partitioning Feature (DPF) is used.
- An error in common code infrastructure component does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service via unspecified vectors.
- An error in install component when configures the High Availability (HA) scripts with incorrect file-permission and authorization settings.
Affected
IBM DB2 version 9.5 prior to FP 5
IBM DB2 version 9.7 prior to FP 1
References
Severity
Classification
-
CVE CVE-2009-4326, CVE-2009-4327, CVE-2009-4331 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- IBM DB2 Audit Facility Local Privilege Escalation Vulnerability (Linux)
- IBM DB2 UTL_FILE Module Directory Traversal Vulnerability (Windows)
- Oracle Database Server listener Security Bypass Vulnerability
- Oracle Database Server Multiple Unspecified Vulnerabilities - Jan 08
- Oracle Database Server 'RDBMS' component Denial of Service Vulnerability