VID | 25122 |
Severity | 40 |
Port | 523 |
Protocol | TCP |
Class | DB2 |
Detailed Description |
According to its version, the installation of DB2 9.1 on the remote host is affected by one or more of the following issues:
- An integer signedness error exists in the 'db2asrrm' process that can lead to a heap-based buffer overflow. Note that this issue does not affect Windows hosts. (#IC80561 / CVE-2012-0711)
- An error exists related to the stored procedure 'SQLJ.DB2_INSTALL_JAR' that can allow 'JAR' files to be overwritten. Note that this issue only affects Windows hosts. (#IC84019 / CVE-2012-2194)
- An error exists related to the stored procedures 'GET_WRAP_CFG_C' and 'GET_WRAP_CFG_C2' that can allow unauthorized access to XML files. (#IC84614 / CVE-2012-2196)
- An error exists related to the Java stored procedure infrastructure that can allow stack-based buffer overflows. (#IC84555 / CVE-2012-2197)
* References: http://www-01.ibm.com/support/docview.wss?uid=swg21588093 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555 http://www-01.ibm.com/support/docview.wss?uid=swg24033023
* Platforms Affected: IBM DB2 UDB versions before 9.1 FixPack 12 |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (9.1 FixPack 12 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24033023 |
Related URL | CVE-2012-0711, CVE-2012-2194, CVE-2012-2196, CVE-2012-2197 (CVE) |
Related URL | 52326, 54487 (SecurityFocus) |