VID 25102
Severity 30
Port 523
Protocol TCP
Class DB2
Detailed Description According to its version, the installation of DB2 9.7 on the remote host is older than Fix Pack 4. Such versions are affected by one or more of the following issues:

- An unspecified error in the Relational Data Services component can be exploited to update statistics for tables without the appropriate privileges. (IC72119)

- An error in the Relational Data Services component may grant users privileges to execute non-DDL statements after role membership has been revoked from its group. (IC71375) (IC72028)

* References:
http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119
http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375
http://www-01.ibm.com/support/docview.wss?uid=swg21450666

* Platforms Affected:
IBM DB2 UDB versions 9.7 FixPack 4
Microsoft Windows Any version
Sun Microsystems, Inc., Solaris SPARC and x86
Hewlett-Packard Company, HP-UX 11i
Linux Any version
IBM AIX 4.0 and 5L
Recommendation For DB2 Universal Database 9.7:
Apply the latest IBM DB2 Universal Database Fix Pack (9.7 FixPack 4 or later), available from the IBM Support & downloads Web site at https://www-304.ibm.com/support/docview.wss?uid=swg21450666
Related URL CVE-2011-1846, CVE-2011-1847 (CVE)
Related URL 47525 (SecurityFocus)
Related URL (ISS)