Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
IBM DB2 Multiple Vulnerabilities (Oct10)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is running IBM DB2 and is prone to multiple vulnerabilities.
Insight
Insight
Multiple flaws are due to, - An error in 'Install' component, which enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. - A buffer overflow in the 'Administration Server' component, which allows an attacker to cause a denial of service via unspecified vectors. - An error in 'DRDA Services' component, which allows remote authenticated users to cause a denial of service. - The 'Engine Utilities' component uses world-writable permissions for the 'sqllib/cfg/db2sprf' file, which allows local users to gain privileges by modifying this file. - A memory leak in the 'Relational Data Services' component, when the connection concentrator is enabled. - The 'Query Compiler, Rewrite, Optimizer' component, allows remote authenticated users to cause a denial of service (CPU consumption). - The 'Security' component logs 'AUDIT' events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account. - The 'Net Search Extender' (NSE) implementation in the Text Search component does not properly handle an alphanumeric Fuzzy search. - The audit facility in the 'Security' component uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended.
Affected Software
Affected Software
IBM DB2 versions 9.5 before Fix Pack 6a
Solution
Solution
Update DB2 version 9.5 Fix Pack 6a