Summary
The host is running IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass security restrictions, gain knowledge of sensitive information or cause a denial of service.
Impact Level: Application.
Solution
Update to DB2 9.1 Fix Pack 9, 9.5 Fix Pack 6, or 9.7 Fix Pack 2: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
Multiple flaws are due to:
- An unspecified error related to the 'DB2STST' program, which has unknown impact and attack vectors.
- An error related to the 'DB2DART' program, which could be exploited to overwrite files owned by the instance owner.
Affected
IBM DB2 versions prior to 9.1 Fix Pack 9
IBM DB2 versions prior to 9.5 Fix Pack 6
IBM DB2 versions prior to 9.7 Fix Pack 2
Severity
Classification
- CVE: CVE-2010-3193, CVE-2010-3194
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- IBM DB2 Multiple Vulnerabilities (Sep10)
- IBM DB2 Multiple Vulnerabilities (Oct10)
- IBM DB2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability (Windows)
- IBM DB2 Audit Facility Local Privilege Escalation Vulnerability (Linux)
- Oracle Database Server Upgrade and Downgrade Component Multiple Vulnerabilities