Summary
The host is installed with IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker bypass security restrictions, cause a denial of service or gain elevated privileges.
Impact Level: System/Application
Solution
Update DB2 8 Fixpak 17 or 9.1 Fixpak 7 or 9.5 Fixpak 4 or later.
http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
Insight
- An error in DRDA Services component can be exploited via an IPv6 address in the correlation token in the APPID string.
- An unspecified error can be exploited to connect to DB2 databases without a valid password if ldap-based authentication is used and the LDAP server allows anonymous binds.
Affected
IBM DB2 version 8 prior to Fixpak 17
IBM DB2 version 9.1 prior to Fixpak 7
IBM DB2 version 9.5 prior to Fixpak 4
References
Severity
Classification
-
CVE CVE-2009-1905, CVE-2009-1906 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)
- Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)
- CA Gateway Security Remote Code Execution Vulnerability
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)