VID |
25063 |
Severity |
30 |
Port |
523 |
Protocol |
TCP |
Class |
DB2 |
Detailed Description |
The host is running a version of IBM DB2 UDB server older than 9 FixPak 3 or 8 FixPak 15. IBM DB2 Universal Database (UDB) versions 9 prior to 9 FixPak 3 and versions prior to 8 FixPak 15 could allow a local attacker to cause a denial of service or execute arbitrary code because of insecure permissions, buffer overflow and directory traversal errors within various tools and scripts. An attacker could exploit these vulnerabilities, via a specially crafted request or environment variable, to crash the affected database or to execute arbitrary code on the host with root privileges.
* References:
  * http://www-1.ibm.com/support/docview.wss?uid=swg21256235
  * http://www-1.ibm.com/support/docview.wss?uid=swg21255607
  * http://www-1.ibm.com/support/docview.wss?uid=swg21255352
  * http://www-1.ibm.com/support/docview.wss?uid=swg1JR25940
  * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=578
  * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=579
  * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=580
  * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=581
  * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=582
  * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=583
  * http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0313.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0314.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0315.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0316.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0317.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0318.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0319.html
  * http://www.frsirt.com/english/advisories/2007/2912
  * http://secunia.com/advisories/26471
* Platforms Affected:
  * IBM DB2 UDB versions prior to 8.1 FixPak 15
  * IBM DB2 UDB versions 9 prior to 9 FixPak 3
  * Microsoft Windows Any version
  * Sun Microsystems, Inc., Solaris SPARC and x86
  * Hewlett-Packard Company, HP-UX 11i
  * Linux Any version
  * IBM AIX 4.0 and 5L |
Recommendation |
For DB2 Universal Database 8: Apply the latest IBM DB2 Universal Database Fix Pack (8 FixPak 15 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?uid=swg21256235
For DB2 Universal Database 9: Apply the latest IBM DB2 Universal Database Fix Pack (9 FixPak 3 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?uid=swg21255572 |
Related URL |
CVE-2007-4270, CVE-2007-4271, CVE-2007-4272, CVE-2007-4273, CVE-2007-4275, CVE-2007-4276, CVE-2007-4417, CVE-2007-4418, CVE-2007-4423 (CVE) |
Related URL |
25339 (SecurityFocus) |
Related URL |
36062, 36063, 36066, 36067, 36068, 36104, 36106, 36108, 36109, 36111 (ISS) |
|