
IBM DB2 9.5 < 9.5 Fix Pack 9 Multiple Vulnerabilities

Medium

Synopsis

The remote IBM DB2 database server is vulnerable to multiple attack vectors.

Description

Versions of IBM DB2 9.5 earlier than Fix Pack 9 are potentially affected by multiple issues:

- Incorrect, world-writable file permissions are in place for the file 'NODES.REG'. (IC79518)
- An unspecified error can allow attackers to cause a denial of service via unspecified vectors. (IC76899)
- A local user can exploit a vulnerability in the bundled IBM Tivoli Monitoring Agent (ITMA) to escalate their privileges. (IC79970)
- An unspecified error in the DB2 Administration Server (DAS) can allow remote privilege escalation or denial of service via unspecified vectors. Note that this issue does not affect Windows hosts. (IC80728)
- An authorized user with 'CONNECT' privileges from 'PUBLIC' can cause a denial of service via unspecified methods related to DB2's XML feature. (IC81379)
- An authorized user with 'CONNECT' and 'CREATEIN' privileges on a database can perform unauthorized reads on tables. (IC81387)

Solution

Upgrade to IBM DB2 9.5 Fix Pack 9 or higher.