IBM DB2 < 8.1 Fix Pack 16 Multiple Vulnerabilities

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple issues.

Description :

According to its version, the installation of IBM DB2 running on the
remote host is affected by one or more of the following issues :

- A local user may be able to gain root privileges using
the 'db2pd' tool. (IZ03546)

- The 'db2dart' tool executes a TPUT command, which
effectively allows users to run commands as the DB2
instance owner. (IZ03647)

- A buffer overflow and an invalid memory access
vulnerability exist in the DAS server code. (IZ05496)

- An unspecified vulnerability exists in 'SYSPROC.ADMIN_SP_C'.

- An unspecified vulnerability exists due to incorrect
authorization checking in 'ALTER TABLE' statements.

Solution :

Apply IBM DB2 UDB Version 8.1 Fix Pack 16 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 30153 (db2_81fp16.nasl)

Bugtraq ID: 27596

CVE ID: CVE-2007-3676