IBM DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple denial of service
vulnerabilities.

Description :

According to its version, the installation of IBM DB2 9.7 running on
the remote host is prior to Fix Pack 5. It is, therefore, affected by
multiple denial of service vulnerabilities :

- On Unix and Unix-like systems with both the Self Tuning
Memory Manager (STMM) feature enabled and the
'DATABASE_MEMORY' option set to 'AUTOMATIC', local
users are able to carry out denial of service attacks
via unknown vectors. (IC70473 / CVE-2011-1373)

- A denial of service vulnerability exists in the version
of Java that is bundled with the IBM Software
Development Kit for Java. (PM32387 / CVE-2010-4476)

See also :

http://www.nessus.org/u?06b85bd0
http://www.nessus.org/u?bf39bb4c
http://www.nessus.org/u?41b02357
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473

Solution :

Apply IBM DB2 version 9.7 Fix Pack 5 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 56928

Bugtraq ID: 46091, 50686

CVE ID: CVE-2010-4476, CVE-2011-1373