IBM DB2 Multiple Vulnerabilities (Sep10) Network Vulnerability

Summary

The host is running IBM DB2 and is prone to multiple vulnerabilites.

Impact

Successful exploitation will allow attackers to bypass security restrictions, gain knowledge of sensitive information or cause a denial of service. Impact Level: Application.

Solution

Update DB2 9.1 Fix Pack 9, 9.5 Fix Pack 6, or 9.7 Fix Pack 2, http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053

Insight

Multiple flaws are due to, - An unspecified error related to 'DB2STST' program, which has unknown impact and attack vectors. - An error related to 'DB2DART' program, which could be exploited to overwrite files owned by the instance owner.

Affected

IBM DB2 versions prior to 9.1 Fix Pack 9 IBM DB2 versions prior to 9.5 Fix Pack 6 IBM DB2 versions prior to 9.7 Fix Pack 2

References

http://secunia.com/advisories/41218
http://www.vupen.com/english/advisories/2010/2225
http://xforce.iss.net/xforce/xfdb/61445

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3193, CVE-2010-3194

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

MySQL 5.x Unspecified Buffer Overflow Vulnerability
IBM DB2 'nodes.reg' Permission Weakness Vulnerability
IBM DB2 UDB Multiple Unspecified Vulnerabilities (Windows)
Oracle MySQL Server Multiple Vulnerabilities-01 Nov12 (Windows)
IBM DB2 Multiple Vulnerabilities (Sep10)

Take action and discover your vulnerabilities