| VID |
25095 |
| Severity |
40 |
| Port |
523 |
| Protocol |
TCP |
| Class |
DB2 |
| Detailed Description |
According to its version, the installation of DB2 9.5 on the remote host is affected by one or more of the following issues :
- The 'MODIFIED SQL DATA' table function is not dropped when a definer loses required privileges to maintain the objects. (IZ46774)
- A privilege escalation vulnerability exists in the DB2STST program (on Linux and Unix platforms only). (IC65703)
- A malicious user could use the DB2DART program to overwrite files owned by the instance owner. (IC65756)
- The scalar function REPEAT contains a buffer overflow that a malicious user with a valid database connection could manipulate, causing the DB2 server to trap. (IC65933)
- Special group and user enumeration operation on the DB2 server or DB2 Administrator Server (DAS) could trap when running on Windows 2008. (IC66642)
- A weakness in the SSL v3 / TLS protocol involving session renegotiation may allow an attacker to inject an arbitrary amount of plaintext into the beginning of
the application protocol stream, which could facilitate man-in-the-middle attacks. (IC68054)
* References:
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46774
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933
http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
http://www-01.ibm.com/support/docview.wss?uid=swg21444772
* Platforms Affected:
IBM DB2 UDB versions 9.5 prior to 9.5 FixPack 6
Microsoft Windows Any version
Sun Microsystems, Inc., Solaris SPARC and x86
Hewlett-Packard Company, HP-UX 11i
Linux Any version
IBM AIX 4.0 and 5L |
| Recommendation |
For DB2 Universal Database 9.5:
Apply the latest IBM DB2 Universal Database Fix Pack (9.5 FixPak 6 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24027747 |
| Related URL |
CVE-2009-3471,CVE-2009-3555,CVE-2010-0462,CVE-2010-3193,CVE-2010-3194,CVE-2010-3195 (CVE) |
| Related URL |
36540,36935,37976,40446 (SecurityFocus) |
| Related URL |
(ISS) |
|
