IBM DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

According to its version, the installation of IBM DB2 9.5 running on
the remote host is prior to Fix Pack 7. It is, therefore, affected by the
following vulnerabilities :

- The 'db2dasrrm' component included with such versions
fails to perform sufficient bounds checks on user-
supplied input, which an attacker could leverage to
overflow the buffer, potentially resulting in arbitrary
code execution on the remote system. (IC72028)

- An unspecified error in the Relational Data Services
component can be exploited to update statistics for
tables without the appropriate privileges. (IC71413)

- An error in the Relational Data Services component may
grant users privileges to execute non-DDL statements
after role membership has been revoked from its group.

Solution :

Apply IBM DB2 version 9.5 Fix Pack 7 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 51841

Bugtraq ID: 46052

CVE ID: CVE-2011-0731