This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote database server is affected by multiple issues.
According to its version, the installation of DB2 on the remote host
is affected by one or more of the following issues :
- A local user may be able to overwrite arbitrary files,
create arbitrary world-writeable directories, or gain root
privileges via symlink attacks or specially crafted
environment variables (IY98210 / IY99261).
- A user may be able to continue to execute a method even
once privileges for the method have been revoked (IY88226,
version 8 only).
- There is an unspecified issue allowing for privilege
elevation when DB2 'execs' executables while running as
root (IY98206 / IY98176).
- There is an unspecified vulnerability related to incorrect
authorization routines (JR25940, version 8 only).
- There is an unspecified vulnerability in
'AUTH_LIST_GROUPS_FOR_AUTHID' (IZ01828, version 9.1
- There is an unspecified vulnerability in the 'db2licm' and
'db2pd' tools (IY97922 / IY97936).
- There is an unspecified vulnerability involving 'db2licd'
and the 'OSSEMEMDBG' and 'TRC_LOG_FILE' environment
variables (IY98011 / IY98101).
- There is a buffer overflow involving the 'DASPROF'
environment variable (IY97346 / IY99311).
- There is an unspecified vulnerability that can arise
during instance and FMP startup (IZ01923 / IZ02067).
- The DB2JDS service may allow for arbitrary code execution
without the need for authentication due to a stack
overflow in an internal sprintf() call (IY97750, version
- The DB2JDS service is affected by two denial of service
issues that can be triggered by packets with an invalid
LANG parameter or a long packet, which cause the process
to terminate (version 8 only).
Note that there is currently insufficient information to determine to
what extent the first set of issues overlaps the others.
See also :
Apply DB2 Version 9 Fix Pack 3 / 8.1 FixPak 15 / 8.2 FixPak 8 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true