DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple issues.

Description :

According to its version, the installation of DB2 9.1 on the remote
host is older than Fix Pack 10. Such versions are affected by one or
more of the following issues :

- It is possible to execute non-DDL statements even after
a user's DBADM authority has been revoked. (IC66811)

- Multiple vulnerabilities in the 'db2dasrrm' component could
allow arbitrary code execution. (IC71203)/(IC69986)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-035/
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0585.html
http://www.zerodayinitiative.com/advisories/ZDI-11-036/
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0586.html
https://www-01.ibm.com/support/docview.wss?uid=swg1IC66811
https://www-01.ibm.com/support/docview.wss?uid=swg1IC69986
https://www-01.ibm.com/support/docview.wss?uid=swg1IC71203
https://www-01.ibm.com/support/docview.wss?uid=swg21426108

Solution :

Apply DB2 Version 9.1 Fix Pack 10 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 51840

Bugtraq ID: 46052, 46064, 46077

CVE ID: CVE-2010-3731, CVE-2011-0731, CVE-2011-0757