VID |
25065 |
Severity |
40 |
Port |
523 |
Protocol |
TCP |
Class |
DB2 |
Detailed Description |
A version of IBM DB2 UDB server which is older than 8.2 FixPak 16 is running on the host. IBM DB2 Universal Database (UDB) versions 8.x prior to 8.2 FixPak 16 could allow a local attacker to gain escalated privileges or to perform certain actions with escalated privileges. An attacker could exploit these vulnerabilities to bypass security restrictions, disclose sensitive information, cause a denial of service or execute arbitrary code as the DB2 instance owner.
* References:
  * http://www-1.ibm.com/support/docview.wss?uid=swg21256235
  * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=653
  * http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654
  * http://archives.neohapsis.com/archives/bugtraq/2008-02/0073.html
  * http://archives.neohapsis.com/archives/bugtraq/2008-02/0074.html
  * http://secunia.com/advisories/28771
* Platforms Affected:
  * IBM DB2 UDB versions 8.x prior to 8.2 FixPak 16
  * Microsoft Windows Any version
  * Sun Microsystems, Inc., Solaris SPARC and x86
  * Hewlett-Packard Company, HP-UX 11i
  * Linux Any version
  * IBM AIX 4.0 and 5L |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (8.2 FixPak 16 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21256235 |
Related URL |
CVE-2007-3676,CVE-2007-5757 (CVE) |
Related URL |
27596,27680,27681 (SecurityFocus) |
Related URL |
40224,40230 (ISS) |
|