VID |
25124 |
Severity |
30 |
Port |
523 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
According to its version, the installation of DB2 9.8 on the remote host is older than Fix Pack 5 and is therefore potentially affected by multiple vulnerabilities:
- An authorized user with 'CONNECT' privileges from 'PUBLIC' can cause a denial of service via unspecified methods related to DB2's XML feature. (CVE-2012-0712)
- An unspecified information disclosure error exists related to the XML feature that can allow improper access to arbitrary XML files. (CVE-2012-0713)
- An error exists related to the Distributed Relational Database Architecture (DRDA) that can allow denial of service conditions when processing certain requests. (CVE-2012-2180)
* References:
  http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836
  http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837
  http://www-01.ibm.com/support/docview.wss?uid=swg1IC81839
  http://www-01.ibm.com/support/docview.wss?uid=swg1IC82367
  http://www-01.ibm.com/support/docview.wss?uid=swg21595316
* Platforms Affected: IBM DB2 UDB versions before 9.8 FixPack 5 |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (9.8 FixPack 5 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24032798 |
Related URL |
CVE-2012-0712,CVE-2012-0713,CVE-2012-2180 (CVE) |
Related URL |
52326,53873 (SecurityFocus) |