VID | 25123 |
Severity | 40 |
Port | 523 |
Protocol | TCP |
Class | DB |
Detailed Description |
According to its version, the installation of DB2 9.7 on the remote host is older than Fix Pack 6 and is therefore potentially affected by multiple vulnerabilities:
- A local user can exploit a vulnerability in the bundled IBM Tivoli Monitoring Agent (ITMA) to escalate their privileges. (CVE-2011-4061)
- An authorized user with 'CONNECT' and 'CREATEIN' privileges on a database can perform unauthorized reads on tables. (CVE-2012-0709)
- An unspecified error in the DB2 Administration Server (DAS) can allow remote privilege escalation or denial of service via unspecified vectors. Note that this issue does not affect Windows hosts. (CVE-2012-0711)
- An authorized user with 'CONNECT' privileges from 'PUBLIC' can cause a denial of service via unspecified methods related to DB2's XML feature. (CVE-2012-0712)
- An unspecified information disclosure error exists related to the XML feature that can allow improper access to arbitrary XML files. (CVE-2012-0713)
- An error exists related to the Distributed Relational Database Architecture (DRDA) that can allow denial of service conditions when processing certain requests. (CVE-2012-2180)
* References:
http://www-01.ibm.com/support/docview.wss?uid=swg1IC79274
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462
http://www-01.ibm.com/support/docview.wss?uid=swg1IC82234
http://www-01.ibm.com/support/docview.wss?uid=swg21450666
* Platforms Affected: IBM DB2 UDB versions before 9.7 FixPack 6 |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (9.7 FixPack 6 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24032754 |
Related URL |
CVE-2011-4061,CVE-2012-0709,CVE-2012-0711,CVE-2012-0712,CVE-2012-0713,CVE-2012-2180 (CVE) |
Related URL |
51181,52326,53873 (SecurityFocus) |
Related URL |
(ISS) |
|