VID 25112
Severity 30
Port 523
Protocol TCP
Class DB2
Detailed Description According to its version, the installation of DB2 9.5 on the remote host is older than Fix Pack 9. Such versions are affected by the following vulnerabilities:

- Incorrect, world-writable file permissions are in place for the file 'NODES.REG'. (IC79518)

- An unspecified error can allow attackers to cause a denial of service via unspecified vectors. (IC76899)

- A local user can exploit a vulnerability in the bundled IBM Tivoli Monitoring Agent (ITMA) to escalate their privileges. (IC79970)

- An unspecified error in the DB2 Administration Server (DAS) can allow remote privilege escalation or denial of service via unspecified vectors. Note that this issue does not affect Windows hosts. (IC80728)

- An authorized user with 'CONNECT' privileges from 'PUBLIC' can cause a denial of service via unspecified methods related to DB2's XML feature. (IC81379)

- An authorized user with 'CONNECT' and 'CREATEIN' privileges on a database can perform unauthorized reads on tables. (IC81387)

* References:
http://www-01.ibm.com/support/docview.wss?uid=swg24032087
http://www-01.ibm.com/support/docview.wss?uid=swg21293566#9
http://www-01.ibm.com/support/docview.wss?uid=swg21586193
http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387

* Platforms Affected:
IBM DB2 UDB versions before 9.5 FixPack 9
Microsoft Windows Any version
Sun Microsystems, Inc., Solaris SPARC and x86
Hewlett-Packard Company, HP-UX 11i
Linux Any version
IBM AIX 4.0 and 5L
Recommendation For DB2 Universal Database 9.5
Apply the latest IBM DB2 Universal Database Fix Pack (9.5 FixPack 9 or later), available from the IBM Support & downloads Web site at http://www-304.ibm.com/support/docview.wss?uid=swg24032087
Related URL CVE-2012-0709, CVE-2012-0710, CVE-2012-0711, CVE-2012-0712, CVE-2012-1796 (CVE)
Related URL 52326 (SecurityFocus)