This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote database server is affected by multiple issues.
According to its version, the installation of DB2 9.1 on the remote
host is affected by one or more of the following issues :
- The 'MODIFIED SQL DATA' table function is not dropped
when a definer loses required privileges to maintain
the objects. (IZ46773)
- A privilege escalation vulnerability exists in the
DB2STST program (on Linux and Unix platforms only).
- A malicious user could use the DB2DART program to
overwrite files owned by the instance owner. (IC65749)
- A heap overflow vulnerability exists in the 'REPEAT'
scalar function. A remote attacker with a valid
database connection could exploit this issue to execute
rbitrary code subject to the privileges under which
the database service operates. (IC65922)
- Special group and user enumeration operation on the DB2
server or DB2 Administrator Server (DAS) could trap
when running on Windows 2008. (IC66099)
- A weakness in the SSL v3 / TLS protocol involving
session renegotiation may allow an attacker to inject
an arbitrary amount of plaintext into the beginning of
the application protocol stream, which could facilitate
man-in-the-middle attacks. (IC67848)
See also :
Apply DB2 Version 9.1 Fix Pack 9 or later.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 4.8
Public Exploit Available : false