Summary
The host is installed with IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows the attacker to potentially perform certain actions with escalated privileges or to bypass certain security restrictions.
Impact Level: System/Application
Solution
Update DB2 8 Fixpak 18 or 9.1 Fixpak 8 or 9.5 Fixpak 4 or 9.7 Fixpak 1 or later.
For updates refer to http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
Multiple flaws are due to:
- Unspecified error exists related to a table function when the definer loses required privileges.
- Unspecified error that can be exploited to insert, update, or delete rows in a table without having required privileges.
- Unspecified error in the handling of 'SET SESSION AUTHORIZATION' statements.
- Error in 'DASAUTO' command, it can be run by non-privileged users.
Affected
IBM DB2 version 8 prior to Fixpak 18
IBM DB2 version 9.1 prior to Fixpak 8
IBM DB2 version 9.5 prior to Fixpak 4
IBM DB2 version 9.7 prior to Fixpak 1
References
Severity
Classification
-
CVE CVE-2009-4150 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
- Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
- Apple Mac OS X Denial of Service Vulnerability
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability