VID: 25242
Severity: 40
Port: 523
Protocol: TCP
Class: DB
Detailed Description: According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to fix pack 11 Special Build 36826, 10.1 prior to fix pack 6 Special Build 36827, 10.5 prior to fix pack 7 Special Build 36828, or 11.1.2.2 prior to fix pack 2 Special Build 36792. It is, therefore, affected by multiple vulnerabilities related to privilege escalation as described in the advisories.

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) could, under unusual circumstances, expose highly sensitive information in the error log to a local user. (CVE-2017-1434)

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. (CVE-2017-1438)

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. (CVE-2017-1439)

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180. (CVE-2017-1452)

IBM DB2 10.5 and 11.1 contain a denial of service vulnerability. A remote user can cause disruption of service for a DB2 Connect Server set up with a particular configuration. IBM X-Force ID: 129829. (CVE-2017-1519)

* References:
http://www-01.ibm.com/support/docview.wss?uid=swg22006061
http://www-01.ibm.com/support/docview.wss?uid=swg22006885
http://www-01.ibm.com/support/docview.wss?uid=swg22006109
http://www-01.ibm.com/support/docview.wss?uid=swg22007183
http://www-01.ibm.com/support/docview.wss?uid=swg22007186
http://www-01.ibm.com/support/docview.wss?uid=swg22005740

* Platforms Affected:
IBM DB2 UDB versions before 10.1 Fix Pack 6
Recommendation: Apply the latest IBM DB2 Universal Database Fix Pack (10.1 Fix Pack 6 or later), available from the IBM Support & downloads Web site at
http://www-01.ibm.com/support/docview.wss?uid=swg22006061
Related URL: CVE-2017-1434, CVE-2017-1438, CVE-2017-1439, CVE-2017-1420, CVE-2017-1452, CVE-2017-1519 (CVE)
Related URL: 93012 (SecurityFocus)