IBM DB2 9.7 < Fix Pack 3 Multiple Vulnerabilities

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

According to its version, the installation of IBM DB2 9.7 running on
the remote host is prior to Fix Pack 3. It is, therefore, affected by one
or more of the following issues :

- When privileges on a database object are revoked from
PUBLIC, the dependent functions are not marked INVALID.
As a result, users with execute privilege on the
function are still able to call it successfully.

- If a compound SQL (compiled) statement has been issued
by a user that is properly authorized, it is cached in
the dynamic SQL cache. Once cached, this same query can
be executed by any user if that user has the proper
authority. (IC70406)

- Multiple vulnerabilities in the 'db2dasrrm' component could
allow arbitrary code execution. (IC70539 / IC72029)

Solution :

Apply IBM DB2 version 9.7 Fix Pack 3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 50451

Bugtraq ID: 43291

CVE ID: CVE-2010-3474