Detections
Analytics
DB2 < 8 FixPak 17 Multiple Vulnerabilities (deprecated)
high Nessus Network Monitor Plugin ID 4680
Synopsis
The remote database server is affected by multiple issues.Description
According to its version, the installation of DB2 on the remote host is affected by multiple issues :- By sending a malicious DB2 UDB v7 client CONNECT/DETACH requests it may be possible to crash the remote DB2 server (IZ08134).
- An unspecified vulnerability related to 'DB2FMP' exists in DB2 (IZ20350).
- By sending malicious packets to 'DB2JDS', it may be possible to crash the remote DB2 server (JR29274).
- While running on Windows 'DB2FMP' runs with OS privileges (JR30228).
- DAS server code is affected by a buffer overflow vulnerability (IZ22004).
- Using INSTALL_JAR it may be possible to create and overwrite critical files on the system (IZ22142).
Solution
Apply DB2 UDB Version 8 FixPak 17 or higher.See Also
http://www-1.ibm.com/support/docview.wss?uid=swg21255352
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ08134
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ20350
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287
http://www-01.ibm.com/support/docview.wss?uid=swg1JR29274
Plugin Details
Severity: High
ID: 4680
Family: Database
Published: 9/16/2008
Updated: 3/6/2019
Nessus ID: 34195
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 6.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Reference Information
CVE: CVE-2008-2154, CVE-2008-3856, CVE-2008-3958, CVE-2008-3960, CVE-2008-6820, CVE-2008-6821