This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote database server is affected by multiple issues.
According to its version, the installation of IBM DB2 8 running on the
remote host is affected by multiple issues :
- By sending malicious DB2 UDB v7 client CONNECT/DETACH
requests it may be possible to crash the remote DB2
- Failure to switch the owner of the 'DB2FMP' process
may lead to a security vulnerability on Unix / Linux
- DAS server code is affected by a buffer overflow
- Using INSTALL_JAR, it may be possible to create and
overwrite critical files on the system. (IZ22142)
- DB2 does not mark inoperative or drop views and triggers
if the definer cannot maintain the objects. (IZ22287)
- By sending malicious packets to 'DB2JDS', it may be
possible to crash the remote DB2 server. (JR29274)
- While running on Windows 'DB2FMP' runs with OS
See also :
Apply IBM DB2 UDB version 8 Fix Pack 17 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Nessus Plugin ID: 34195 (db2_8fp17.nasl)
Bugtraq ID: 310583540835409
CVE ID: CVE-2008-2154CVE-2008-3856CVE-2008-3958CVE-2008-3960CVE-2008-6820CVE-2008-6821
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.