VID |
25154 |
Severity |
40 |
Port |
523 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
According to its version, the installation of DB2 9.7 on the remote host is older than Fix Pack 10 and is therefore potentially affected by multiple vulnerabilities:
- An input-validation error exists related to handling the 'ALTER MODULE' statement that allows buffer overflows. (CVE-2014-3094)
- An error exists related to handling 'SELECT' statements with 'UNION' subqueries that allows application crashes. (CVE-2014-3095)
- An error exists related to 'LUW' and 'ALTER TABLE' statement handling that allows application crashes. (CVE-2014-6097)
- An error exists related to 'ALTER TABLE' statement handling that allows application crashes. (CVE-2014-6159)
* References:
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02592
http://www-01.ibm.com/support/docview.wss?uid=swg21681631
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645
http://www-01.ibm.com/support/docview.wss?uid=swg21681623
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786
http://www-01.ibm.com/support/docview.wss?uid=swg21684812
http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105
http://www-01.ibm.com/support/docview.wss?uid=swg21688051
* Platforms Affected: IBM DB2 UDB versions before 9.7 FixPack 10 |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (9.7 Fix Pack 10 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24038641 |
Related URL |
CVE-2014-3094,CVE-2014-3095,CVE-2014-6097,CVE-2014-6159 (CVE) |
Related URL |
69546,69550,70983,71006 (SecurityFocus) |
Related URL |
(ISS) |
|