Summary
The host is installed with IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to bypass security restrictions, disclose sensitive information (the password argument of a SET ENCRYPTION PASSWORD statement) or cause a denial of service.
Impact Level: System/Application
Solution
Update to IBM DB2 9.5 Fixpak 5:
http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
Insight
The flaws are due to:
- An unspecified error in the Engine Utilities component, which allows attackers to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the load utility.
- An unspecified error in 'db2licm' within the Engine Utilities component, which has unknown impact and local attack vectors.
- An unspecified error in the DRDA Services component, which allows remote attackers to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.
- An error in the Relational Data Services component, which allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
- Multiple unspecified errors in bundled stored procedures in the Spatial Extender component, which have unknown impact and remote attack vectors.
- An unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component, which allows attackers to cause a denial of service (instance crash) by compiling a SQL query.
Affected
IBM DB2 version 9.5 prior to Fixpak 5
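To check a host against the affected range above, the following added Python example (not part of this advisory or of IBM's tooling) parses the output of DB2's `db2level` command, which reports the product version and Fix Pack of an instance. The sample outputs are constructed in the layout db2level prints on Linux/UNIX; the build tokens and level identifiers in them are placeholders, and the two tokens the regexes rely on (`"DB2 vX.Y.Z.F"` and `Fix Pack "N"`) are assumed from that layout. Versions outside the 9.5 branch are reported as not assessed rather than as patched, because this page covers only 9.5.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample outputs in the layout `db2level` prints on Linux/UNIX.
# Build tokens (e.g. "s090407", "IP22886") and level identifiers are
# illustrative placeholders, not real IBM build identifiers.
SAMPLE_PRE_FP5 = (
    'DB21085I  Instance "db2inst1" uses "64" bits and DB2 code release '
    '"SQL09053" with level identifier "04040107".\n'
    'Informational tokens are "DB2 v9.5.0.3", "s090407", "IP22886", '
    'and Fix Pack "3".\n'
    'Product is installed at "/opt/ibm/db2/V9.5".\n'
)

SAMPLE_FP5 = (
    'DB21085I  Instance "db2inst1" uses "64" bits and DB2 code release '
    '"SQL09055" with level identifier "06060107".\n'
    'Informational tokens are "DB2 v9.5.0.5", "s091123", "IP23018", '
    'and Fix Pack "5".\n'
    'Product is installed at "/opt/ibm/db2/V9.5".\n'
)

SAMPLE_V97 = (
    'DB21085I  Instance "db2inst1" uses "64" bits and DB2 code release '
    '"SQL09071" with level identifier "08020107".\n'
    'Informational tokens are "DB2 v9.7.0.1", "s091114", "IP23034", '
    'and Fix Pack "1".\n'
    'Product is installed at "/opt/ibm/db2/V9.7".\n'
)

# Token layout assumed from db2level output: a quoted "DB2 vMAJOR.MINOR.MOD.FP"
# version string and an explicit Fix Pack "N" token.
_VERSION_RE = re.compile(r'"DB2 v(\d+)\.(\d+)\.(\d+)\.(\d+)"')
_FIXPACK_RE = re.compile(r'Fix Pack "(\d+)"')


@dataclass(frozen=True)
class Db2Level:
    major: int
    minor: int
    fixpack: int


def parse_db2level(output: str) -> Optional[Db2Level]:
    """Extract major/minor version and Fix Pack number from db2level output.

    Returns None when the expected tokens are absent, so callers treat
    unparseable output as "unknown" rather than as "patched".
    """
    ver = _VERSION_RE.search(output)
    if ver is None:
        return None
    major, minor, _mod, ver_fp = (int(g) for g in ver.groups())
    # Prefer the explicit Fix Pack token; the fourth version component
    # carries the same number and serves as a fallback.
    fp_match = _FIXPACK_RE.search(output)
    fixpack = int(fp_match.group(1)) if fp_match else ver_fp
    return Db2Level(major, minor, fixpack)


def is_affected(level: Optional[Db2Level]) -> Optional[bool]:
    """True if the level is in this advisory's affected range (9.5 before FP5).

    Returns None for levels this advisory does not cover (other branches such
    as 9.1 or 9.7) and for unparseable input: None means "not assessed",
    not "safe".
    """
    if level is None:
        return None
    if (level.major, level.minor) != (9, 5):
        return None
    return level.fixpack < 5


if __name__ == "__main__":
    for name, sample in (("pre-FP5", SAMPLE_PRE_FP5),
                         ("FP5", SAMPLE_FP5),
                         ("9.7", SAMPLE_V97)):
        level = parse_db2level(sample)
        print(f"{name}: {level} affected={is_affected(level)}")
```

In practice, run `db2level` as the instance owner on the target host and pass its real output to `parse_db2level`; a `None` result from `is_affected` should be escalated for manual review, never silently recorded as patched.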
References
CVE: CVE-2009-4328, CVE-2009-4329, CVE-2009-4330, CVE-2009-4333, CVE-2009-4335, CVE-2009-4439
Severity
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)
- Oracle Database Server Multiple Unspecified Vulnerabilities-01 April 2014
- Oracle Database Server 'RDBMS' component Denial of Service Vulnerability
- IBM DB2 UDB Multiple Unspecified Vulnerabilities (Linux)
- Oracle Database Server MDSYS.MD Buffer Overflows and Denial of Service Vulnerabilities