Summary
The host is installed with IBM DB2 and is prone to buffer overflow and TLS renegotiation vulnerabilities.
Impact
Successful exploitation will allow attacker to cause a denial of service or to bypass security restrictions.
Impact Level: System/Application
Solution
Update IBM DB2 9.1 FP9,
For updates refer to http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaws are due to:
- Buffer overflow error within the scalar function 'REPEAT', which could allow malicious users to cause a vulnerable server to crash.
- An error in the 'TLS' implementation while handling session 're-negotiations' which can be exploited to insert arbitrary plaintext into an existing TLS session via Man-in-the-Middle (MitM) attacks.
Affected
IBM DB2 version 9.1 prior to FP9
References
Severity
Classification
-
CVE CVE-2010-1560 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities