The host is installed with IBM DB2 and is prone to multiple vulnerabilities.

Successful exploitation will allow attacker to bypass security restrictions, cause a denial of service and some are having unknown impact. Impact Level: System/Application

Update IBM DB2 9.5 FP 5 or 9.7 FP 1, http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678

The flaws are due to: - An unspecified error in RAND scalar function in the common code infrastructure component when the Database Partitioning Feature (DPF) is used. - An error in common code infrastructure component does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service via unspecified vectors. - An error in install component when configures the High Availability (HA) scripts with incorrect file-permission and authorization settings.

IBM DB2 version 9.5 prior to FP 5 IBM DB2 version 9.7 prior to FP 1

• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
• http://secunia.com/advisories/37759
• http://www.vupen.com/english/advisories/2009/3520

---

Updated on 2015-03-25