DB2 < 9 Fix Pack 3 / 8 FixPak 15 Multiple Vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple issues.

Description :

According to its version, the installation of DB2 on the remote host
is affected by one or more of the following issues :

- A local user may be able to overwrite arbitrary files,
  create arbitrary world-writeable directories, or gain root
  privileges via symlink attacks or specially crafted
  environment variables (IY98210 / IY99261).
- A user may be able to continue to execute a method even
  once privileges for the method have been revoked (IY88226,
  version 8 only).
- There is an unspecified issue allowing for privilege
  elevation when DB2 'execs' executables while running as
  root (IY98206 / IY98176).
- There is an unspecified vulnerability related to incorrect
  authorization routines (JR25940, version 8 only).
- There is an unspecified vulnerability in
  'AUTH_LIST_GROUPS_FOR_AUTHID' (IZ01828, version 9.1
  only).
- There is an unspecified vulnerability in the 'db2licm' and
  'db2pd' tools (IY97922 / IY97936).
- There is an unspecified vulnerability involving 'db2licd'
  and the 'OSSEMEMDBG' and 'TRC_LOG_FILE' environment
  variables (IY98011 / IY98101).
- There is a buffer overflow involving the 'DASPROF'
  environment variable (IY97346 / IY99311).
- There is an unspecified vulnerability that can arise
  during instance and FMP startup (IZ01923 / IZ02067).
- The DB2JDS service may allow for arbitrary code execution
  without the need for authentication due to a stack
  overflow in an internal sprintf() call (IY97750, version
  8 only).
- The DB2JDS service is affected by two denial of service
  issues that can be triggered by packets with an invalid
  LANG parameter or a long packet, which cause the process
  to terminate (version 8 only).

Note that there is currently insufficient information to determine to
what extent the first set of issues overlaps the others.

See also :

http://www.appsecinc.com/resources/alerts/db2/2007-01.shtml
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0313.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0314.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0315.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0316.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0317.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0318.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0319.html
http://archives.neohapsis.com/archives/bugtraq/2007-10/0153.html
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www-1.ibm.com/support/docview.wss?uid=swg21255352

Solution :

Apply DB2 Version 9 Fix Pack 3 / 8.1 FixPak 15 / 8.2 FixPak 8 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true