IBM DB2 < 9 Fix Pack 2 Multiple Vulnerabilities

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple issues.

Description :

According to its version, the installation of IBM DB2 running on the
remote host allows unsafe access to several setuid-root binaries. A
local attacker can exploit this to crash the affected database server
or possibly even gain root-level access.

In addition, the fenced userid may be able to access directories
without proper authorization.

See also :

Solution :

Apply DB2 Version 9 Fix Pack 2 or later.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 24699 (db2_9fp2.nasl)

Bugtraq ID: 22677

CVE ID: CVE-2007-1086