VID |
25115 |
Severity |
30 |
Port |
523 |
Protocol |
TCP |
Class |
DB2 |
Detailed Description |
According to its version, the installation of DB2 9.1 on the remote host is older than Fix Pack 11. Such versions are affected by the following vulnerabilities:
- The version of Java that is bundled with the application can enter an infinite loop when handling certain operations related to floating point numbers. (CVE-2010-4476)
- The Distributed Relational Database Architecture (DRDA) contains an error that can allow denial of service conditions when handling certain maliciously crafted requests. (CVE-2012-0710)
* References:
  http://www-304.ibm.com/support/docview.wss?uid=swg21468291
  http://www-304.ibm.com/support/docview.wss?uid=swg1IC76781
  http://www-304.ibm.com/support/docview.wss?uid=swg21588090
  http://www-304.ibm.com/support/docview.wss?uid=swg21255607
* Platforms Affected: IBM DB2 UDB versions before 9.1 FixPack 11 |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (9.1 FixPack 11 or later), available from the IBM Support & downloads Web site at http://www-304.ibm.com/support/docview.wss?uid=swg21255607 |
Related URL |
CVE-2010-4476,CVE-2012-0710 (CVE) |
Related URL |
46091,52326 (SecurityFocus) |
Related URL |
73494 (ISS) |