VID 25067
Severity 40
Port 523
Protocol TCP
Class DB2
Detailed Description A version of IBM DB2 UDB server older than 9.5 FixPak 1 is running on the host. IBM DB2 Universal Database (UDB) versions 9.5 prior to 9.5 FixPak 1 could allow a local attacker to gain escalated privileges or to perform certain actions with escalated privileges. An attacker could exploit these vulnerabilities to bypass security restrictions, disclose sensitive information, cause a denial of service, or execute arbitrary code as the DB2 instance owner.

* References:
http://www.securityfocus.com/archive/1/archive/1/491071/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/491073/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/491075/100/0/threaded
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12406
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12798
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ19155
http://www-1.ibm.com/support/docview.wss?uid=swg1JR28314
http://www-1.ibm.com/support/docview.wss?uid=swg21287889
http://secunia.com/advisories/30558/

* Platforms Affected:
IBM DB2 UDB versions 9.5 prior to 9.5 FixPak 1
Microsoft Windows Any version
Sun Microsystems, Inc., Solaris SPARC and x86
Hewlett-Packard Company, HP-UX 11i
Linux Any version
IBM AIX 4.0 and 5L
Recommendation For DB2 Universal Database 9:
Apply the latest IBM DB2 Universal Database Fix Pack (9.5 FixPak 1 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?uid=swg21287889
Related URL CVE-2008-1966, CVE-2008-1997, CVE-2008-1998 (CVE)
Related URL 28835, 28836, 28843 (SecurityFocus)
Related URL 41955, 41959, 41960 (ISS)