IBM DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple issues.

Description :

According to its version, the installation of IBM DB2 9.1 running on
the remote host is prior to Fix Pack 10. It is, therefore, affected by
one or more of the following issues :

- It is possible to execute non-DDL statements even after
a user's DBADM authority has been revoked. (IC66811)

- Multiple vulnerabilities in the 'db2dasrrm' component
could allow arbitrary code execution. (IC71203, IC69986)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-035/
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0585.html
http://www.zerodayinitiative.com/advisories/ZDI-11-036/
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0586.html
https://www-01.ibm.com/support/docview.wss?uid=swg1IC66811
https://www-01.ibm.com/support/docview.wss?uid=swg1IC69986
https://www-01.ibm.com/support/docview.wss?uid=swg1IC71203
https://www-01.ibm.com/support/docview.wss?uid=swg21426108

Solution :

Apply IBM DB2 Version 9.1 Fix Pack 10 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 51840

Bugtraq ID: 46052, 46064, 46077

CVE ID: CVE-2010-3731, CVE-2011-0731, CVE-2011-0757