VID |
25172 |
Severity |
30 |
Port |
523 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
According to its version, the installation of DB2 10.5 on the remote host is older than Fix Pack 5 and is therefore potentially affected by multiple vulnerabilities:
- A remote, authenticated attacker, using a specially crafted 'ALTER TABLE' statement on an identity column, can cause a denial of service by crashing the server. (CVE-2014-6209)
- A remote, authenticated attacker, by using multiple 'ALTER TABLE' statements that specify the same column, can cause a denial of service by crashing the server. (CVE-2014-6210)
- An error exists in the XML library that allows a remote, authenticated attacker to cause denial of service via a crafted XML query that results in excessive CPU usage. (CVE-2014-8901)
* References:
  https://www-304.ibm.com/support/docview.wss?uid=swg21690787
  https://www-304.ibm.com/support/docview.wss?uid=swg21690891
  http://www-01.ibm.com/support/docview.wss?uid=swg21692358
* Platforms Affected: IBM DB2 UDB versions before 10.5 Fix Pack 5 |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (10.5 Fix Pack 5 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg21692358 |
Related URL |
CVE-2014-6209,CVE-2014-6210,CVE-2014-8901 (CVE) |
Related URL |
71729,71730,71734 (SecurityFocus) |