DB2 9.1 < Fix Pack 9 Multiple Vulnerabilities

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple issues.

Description :

According to its version, the installation of DB2 9.1 on the remote
host is affected by one or more of the following issues :

- The 'MODIFIED SQL DATA' table function is not dropped
when a definer loses required privileges to maintain
the objects. (IZ46773)

- A privilege escalation vulnerability exists in the
DB2STST program (on Linux and Unix platforms only).
(IC65408)

- A malicious user could use the DB2DART program to
overwrite files owned by the instance owner. (IC65749)

- A heap overflow vulnerability exists in the 'REPEAT'
scalar function. A remote attacker with a valid
database connection could exploit this issue to execute
arbitrary code subject to the privileges under which
the database service operates. (IC65922)

- Special group and user enumeration operations on the DB2
server or DB2 Administrator Server (DAS) could trap
when running on Windows 2008. (IC66099)

- A weakness in the SSL v3 / TLS protocol involving
session renegotiation may allow an attacker to inject
an arbitrary amount of plaintext into the beginning of
the application protocol stream, which could facilitate
man-in-the-middle attacks. (IC67848)

See also :

http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ46773
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922
http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099
http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848
http://www-01.ibm.com/support/docview.wss?uid=swg21426108

Solution :

Apply DB2 Version 9.1 Fix Pack 9 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 46173 (db2_9fp9.nasl)

Bugtraq ID: 36540
36935
37976

CVE ID: CVE-2009-3471
CVE-2009-3555
CVE-2010-0462
CVE-2010-3193
CVE-2010-3194
CVE-2010-3195