Detections
Analytics
IBM DB2 10.1 < Fix Pack 3 Multiple Vulnerabilities
high Nessus Plugin ID 70455
Language:
Synopsis
The remote database server is affected by multiple vulnerabilities.Description
According to its version, the installation of IBM DB2 10.1 running on the remote host is affected by the following vulnerabilities :- A stack-based buffer overflow error exists related to input validation in the Audit facility and could lead to privilege escalation and denial of service attacks.
Note this issue does not affected installs on the Windows operating system. (CVE-2013-3475 / IC92498)
- When a multi-node configuration is used, an error exists in the Fast Communications Manager (FCM) that could allow denial of service attacks. (CVE-2013-4032 / IC94434)
- An unspecified error exists that could allow an attacker to gain SELECT, INSERT, UPDATE, or DELETE permissions to database tables. Note that successful exploitation requires the rights EXPLAIN, SQLADM, or DBADM.
(CVE-2013-4033 / IC94757)
Solution
Apply IBM DB2 version 10.1 Fix Pack 3 or later.See Also
http://www.nessus.org/u?9c3d99f6
http://www-01.ibm.com/support/docview.wss?uid=swg21610582
http://www-01.ibm.com/support/docview.wss?uid=swg21639355
Plugin Details
Severity: High
ID: 70455
File Name: db2_101fp3.nasl
Version: 1.10
Type: remote
Family: Databases
Published: 10/16/2013
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:db2
Exploit Ease: No known exploits are available
Patch Publication Date: 9/27/2013
Vulnerability Publication Date: 9/30/2013