Summary
The host is installed with IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker bypass security restrictions, cause a denial of service or gain elevated privileges.
Impact Level: System/Application
Solution
Update DB2 8 Fixpak 17 or 9.1 Fixpak 7 or 9.5 Fixpak 4 or later.
http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
Insight
The flaws are due to,
- An error in DRDA Services component that can be exploited via an IPv6 address in the correlation token in the APPID string.
- An unspecified error can be exploited to connect to DB2 databases without a valid password if ldap-based authentication is used and the LDAP server allows anonymous binds.
Affected
IBM DB2 version 8 prior to Fixpak 17
IBM DB2 version 9.1 prior to Fixpak 7
IBM DB2 version 9.5 prior to Fixpak 4
References
Severity
Classification
-
CVE CVE-2009-1905, CVE-2009-1906 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Tomcat Multiple Vulnerabilities - 02 Mar14
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
- Avant Browser Address Bar Spoofing Vulnerability
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)