Summary
The host is running IBM DB2 and is prone to a directory traversal vulnerability.
Impact
Successful exploitation allows remote users to modify, delete or read arbitrary files via a pathname in the file field.
Impact Level: Application
Solution
Upgrade to IBM DB2 version 10.1 FP1 or later.
For updates, refer to http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513
Insight
The flaw is caused by improper validation of user-supplied input by routines within the UTL_FILE module, which allows attackers to read arbitrary files.
Affected
IBM DB2 version 10.1 before FP1 on Windows
References
Severity
Classification
CVE: CVE-2012-3324
CVSS Base Score: 9.0
CVSS Base Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C