IBM DB2 10.5 < Fix Pack 1 Security Bypass

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by a security bypass
vulnerability.

Description :

According to its version, the installation of IBM DB2 10.5 running on
the remote host is affected by a security bypass vulnerability.

An unspecified error exists that can allow an attacker to gain SELECT,
INSERT, UPDATE, or DELETE permissions to database tables.

Note that successful exploitation requires the rights EXPLAIN, SQLADM,
or DBADM.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21646809
http://www-01.ibm.com/support/docview.wss?uid=swg24035569

Solution :

Apply IBM DB2 version 10.5 Fix Pack 1 or later.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 69800

Bugtraq ID: 62018

CVE ID: CVE-2013-4033