Summary
The host is running IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass security restrictions, gain knowledge of sensitive information or cause a denial of service.
Impact Level: Application.
Solution
Update to DB2 version 9.7 Fix Pack 2:
http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaws are due to:
- An error in the handling of the 'SYSIBMADM' schema. DB2 does not perform the expected access control on the monitor administrative views, which allows attackers to obtain sensitive information via unspecified vectors.
- An error in the handling of 'AUTO_REVAL' when AUTO_REVAL is IMMEDIATE, which allows remote authenticated users to cause a denial of service.
Affected
IBM DB2 versions prior to 9.7 Fix Pack 2
References
Severity
Classification
CVE: CVE-2010-3196, CVE-2010-3197
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N