| VID |
25152 |
| Severity |
40 |
| Port |
523 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
According to its version, the installation of DB2 10.5 on the remote host is older than Fix Pack 4 and is therefore potentially affected by multiple vulnerabilities :
- An error exists related to JavaScript Object Notation (JSON-C) handling, string parsing, and the hash function that allows denial of service attacks. (CVE-2013-6371)
- A buffer overflow error exists related to handling 'ALTER MODULE' statements that could lead to server crashes or arbitrary code execution. (CVE-2014-3094)
- An error exists related to handling 'SELECT' statements having subqueries using 'UNION' that allows denial of service attacks. (CVE-2014-3095)
- An error exists related to Columnar Data Engine (CDE) tables and 'LOAD' statement handling that allows local information disclosure. (CVE-2014-4805)
* References:
http://www-01.ibm.com/support/docview.wss?uid=swg21647054#4
http://www-01.ibm.com/support/docview.wss?uid=swg24038261
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02201
http://www-01.ibm.com/support/docview.wss?uid=swg21681631
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433
https://www-304.ibm.com/support/docview.wss?uid=swg21681723
* Platforms Affected:
IBM DB2 UDB versions before 10.5 FixPack 4 |
| Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (10.5 Fix Pack 4 or later), available from the IBM Support & downloads Web site at
http://www-01.ibm.com/support/docview.wss?uid=swg24038261 |
| Related URL |
CVE-2013-6371,CVE-2014-3094,CVE-2014-3095,CVE-2014-4805 (CVE) |
| Related URL |
66715,69541,69546,69550 (SecurityFocus) |
| Related URL |
(ISS) |
|
