VID |
25107 |
Severity |
30 |
Port |
523 |
Protocol |
TCP |
Class |
DB2 |
Detailed Description |
According to its version, the installation of DB2 9.7 on the remote host is older than Fix Pack 5 and is affected by multiple denial of service vulnerabilities:
- On Unix and Unix-like systems with both the Self Tuning Memory Manager (STMM) feature enabled and the 'DATABASE_MEMORY' option set to 'AUTOMATIC', local users are able to carry out denial of service attacks via unknown vectors. (IC70473 / CVE-2011-1373)
- A denial of service vulnerability exists in the version of Java that is bundled with the IBM Software Development Kit for Java. (PM32387 / CVE-2010-4476)
* References:
  - http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=/com.ibm.db2.luw.wn.doc/doc/c0056050.html
  - http://www-01.ibm.com/support/docview.wss?uid=swg21450666
  - https://www-304.ibm.com/support/docview.wss?uid=swg21469961
  - http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473
* Platforms Affected:
  - IBM DB2 UDB versions before 9.7 FixPack 5
  - Microsoft Windows Any version
  - Sun Microsystems, Inc., Solaris SPARC and x86
  - Hewlett-Packard Company, HP-UX 11i
  - Linux Any version
  - IBM AIX 4.0 and 5L |
Recommendation |
For DB2 Universal Database 9.7: Apply the latest IBM DB2 Universal Database Fix Pack (9.7 FixPack 5 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg21450666 |
Related URL |
CVE-2010-4476,CVE-2011-1373 (CVE) |
Related URL |
46091,50686 (SecurityFocus) |
Related URL |
(ISS) |
|