VID |
25100 |
Severity |
40 |
Port |
523 |
Protocol |
TCP |
Class |
DB2 |
Detailed Description |
According to its version, the installation of DB2 9.1 on the remote host is older than Fix Pack 10. Such versions are affected by one or more of the following issues:
- It is possible to execute non-DDL statements even after a user's DBADM authority has been revoked. (IC66811)
- Multiple vulnerabilities in the 'db2dasrrm' component could allow arbitrary code execution. (IC71203, IC69986)
* References:
  http://www.zerodayinitiative.com/advisories/ZDI-11-035/
  http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0585.html
  http://www.zerodayinitiative.com/advisories/ZDI-11-036/
  http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0586.html
  https://www-01.ibm.com/support/docview.wss?uid=swg1IC66811
  https://www-01.ibm.com/support/docview.wss?uid=swg1IC69986
  https://www-01.ibm.com/support/docview.wss?uid=swg1IC71203
  https://www-01.ibm.com/support/docview.wss?uid=swg21426108
* Platforms Affected:
  IBM DB2 UDB versions 9.1 FixPack 10
  Microsoft Windows Any version
  Sun Microsystems, Inc., Solaris SPARC and x86
  Hewlett-Packard Company, HP-UX 11i
  Linux Any version
  IBM AIX 4.0 and 5L |
Recommendation |
For DB2 Universal Database 9.1: Apply the latest IBM DB2 Universal Database Fix Pack (9.1 FixPak 10 or later), available from the IBM Support & downloads Web site at https://www-01.ibm.com/support/docview.wss?uid=swg21426108 |
Related URL |
CVE-2010-3731, CVE-2011-0731, CVE-2011-0757 (CVE) |
Related URL |
46052, 46064, 46077 (SecurityFocus) |