IBM DB2 Universal Database Multiple Vulnerabilities - Sept08 (Win) Network Vulnerability

Summary

The host is running DB2 Database Server, which is prone to multiple vulnerabilities.

Impact

Remote exploitation could allow attackers to bypass security restrictions, cause a denial of service or gain elevated privileges. Impact Level : Application

Solution

Update to Fixpak 17 or later. ftp://ftp.software.ibm.com/ps/products/db2/fixes/ ***** NOTE : Ignore this warning, if above mentioned patch is already applied. *****

Insight

The flaws exists due to unspecified errors in processing of, - CONNECT/ATTACH requests, - DB2FMP process and DB2JDS service.

Affected

IBM DB2 version 8 prior to Fixpak 17 on Windows (All).

References

http://secunia.com/advisories/31787/
http://securitytracker.com/alerts/2008/Sep/1020826.html
http://www-01.ibm.com/support/docview.wss?uid=swg1JR29274
http://www.frsirt.com/english/advisories/2008/2517

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2154, CVE-2008-3958, CVE-2008-3960

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
ClamAV Multiple Vulnerabilities (Win)
connect to all open ports
Apple Safari Multiple Vulnerabilities June-09 (Win) - II
Allegro Software RomPager 2.10 Denial of Service

Take action and discover your vulnerabilities