DB2 < 9 Fix Pack 3 / 8 FixPak 15 Multiple Vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple issues.

Description :

According to its version, the installation of DB2 on the remote host
is affected by one or more of the following issues :

- A local user may be able to overwrite arbitrary files,
create arbitrary world-writeable directories, or gain root
privileges via symlink attacks or specially crafted
environment variables (IY98210 / IY99261).
- A user may be able to continue to execute a method even
once privileges for the method have been revoked (IY88226,
version 8 only).
- There is an unspecified issue allowing for privilege
elevation when DB2 'execs' executables while running as
root (IY98206 / IY98176).
- There is an unspecified vulnerability related to incorrect
authorization routines (JR25940, version 8 only).
- There is an unspecified vulnerability in
'AUTH_LIST_GROUPS_FOR_AUTHID' (IZ01828, version 9.1
- There is an unspecified vulnerability in the 'db2licm' and
'db2pd' tools (IY97922 / IY97936).
- There is an unspecified vulnerability involving 'db2licd'
and the 'OSSEMEMDBG' and 'TRC_LOG_FILE' environment
variables (IY98011 / IY98101).
- There is a buffer overflow involving the 'DASPROF'
environment variable (IY97346 / IY99311).
- There is an unspecified vulnerability that can arise
during instance and FMP startup (IZ01923 / IZ02067).
- The DB2JDS service may allow for arbitrary code execution
without the need for authentication due to a stack
overflow in an internal sprintf() call (IY97750, version
8 only).
- The DB2JDS service is affected by two denial of service
issues that can be triggered by packets with an invalid
LANG parameter or a long packet, which cause the process
to terminate (version 8 only).

Note that there is currently insufficient information to determine to
what extent the first set of issues overlaps the others.

Solution :

Apply DB2 Version 9 Fix Pack 3 / 8.1 FixPak 15 / 8.2 FixPak 8 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true