Summary
The host is installed with IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to cause a denial of service or compromise a vulnerable system.
Impact Level: System/Application
Solution
Update to IBM DB2 Version 8.1 Fixpak 18.
For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg24024075
Insight
The flaws are due to:
- An unspecified error when using the DAS command may allow attackers to gain unauthorized access to a vulnerable database.
- An unspecified error when processing malformed packets can be exploited to cause DB2JDS to crash, creating a denial of service condition.
- A memory leak in the Security component may be exploited via unspecified vectors related to private memory within the DB2 memory structure.
Affected
IBM DB2 version 8.1 prior to Fixpak 18
References
Severity
Classification
CVE: CVE-2009-2858, CVE-2009-2859, CVE-2009-2860
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P