
IBM DB2 9.7 < 9.7 Fix Pack 2 Multiple Vulnerabilities

Medium

Synopsis

The remote IBM DB2 database server is affected by multiple vulnerabilities.

Description

Versions of IBM DB2 9.7 earlier than Fix Pack 2 are potentially affected by multiple vulnerabilities:

- If the database configuration parameter 'AUTO_REVAL' is set to 'IMMEDIATE', system-granted privileges are not regenerated. (IC67008)
- 'Monitor Administrative Views' available in the SYSIBMADM schema are publicly viewable. (IC67819)
- A weakness in the SSL v3 / TLS protocol involving session renegotiation may allow an attacker to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks. (IC68055)
- By sending a specially crafted packet to Tivoli Monitoring Agent (KUDDB2) listening on TCP port 6014, it may be possible to trigger a denial of service condition. (IC68762)

Solution

Upgrade to IBM DB2 9.7 Fix Pack 2 or higher.