VID | 25069
Severity | 40
Port | 523
Protocol | TCP
Class | DB2
Detailed Description |
A version of IBM DB2 UDB server which is older than 8.2 FixPack 17 is running on the host. IBM DB2 Universal Database (UDB) versions prior to 8.2 FixPack 17 could allow a local attacker to gain escalated privileges or to perform certain actions with escalated privileges. An attacker could exploit these vulnerabilities to bypass security restrictions, disclose sensitive information, cause a denial of service or execute arbitrary code as the DB2 instance owner.
* References:
  - http://www-1.ibm.com/support/docview.wss?uid=swg21255352
  - http://www-01.ibm.com/support/docview.wss?uid=swg1IZ08134
  - http://www-01.ibm.com/support/docview.wss?uid=swg1IZ20350
  - http://www-01.ibm.com/support/docview.wss?uid=swg1JR29274
  - http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228
  - http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004
  - ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
  - http://secunia.com/advisories/31787/
* Platforms Affected:
  - IBM DB2 UDB versions prior to 8.2 FixPack 17
  - Microsoft Windows Any version
  - Sun Microsystems, Inc., Solaris SPARC and x86
  - Hewlett-Packard Company, HP-UX 11i
  - Linux Any version
  - IBM AIX 4.0 and 5L |
Recommendation |
For DB2 Universal Database 8: Apply the latest IBM DB2 Universal Database Fix Pack (8.2 FixPak 17 or later), available from the IBM Web site at http://www.ibm.com/software/data/db2/udb/support/downloadv8.html |
Related URL | CVE-2008-2154, CVE-2008-3958, CVE-2008-3960 (CVE)
Related URL | 31058 (SecurityFocus)
Related URL | (ISS)