
IBM DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities

Medium

Synopsis

The remote IBM DB2 database server is vulnerable to multiple attack vectors.

Description

Versions of IBM DB2 9.8 earlier than Fix Pack 5 are potentially affected by multiple issues:

- A flaw exists in relational data services that is due to privileges persisting after they are removed from users. This may allow attackers to execute non-DDL statements after their privileges have been revoked. (OSVDB 125198)
- A flaw exists that is triggered when Self Tuning Memory Manager (STMM) is enabled and DATABASE_MEMORY is set to AUTOMATIC. This may allow a local attacker to cause a crash. (OSVDB 125199)
- An authorized user with 'CONNECT' privileges from 'PUBLIC' can cause a denial of service via unspecified methods related to DB2's XML feature. (CVE-2012-0712)
- An unspecified information disclosure vulnerability exists related to the XML feature that can allow improper access to arbitrary XML files. (CVE-2012-0713)
- An error exists related to the Distributed Relational Database Architecture (DRDA) that can allow denial of service conditions when processing certain requests. (CVE-2012-2180)

Solution

Upgrade to IBM DB2 9.8 Fix Pack 5 or higher.