
IBM DB2 10.1 < Fix Pack 5 Multiple Vulnerabilities (Bar Mitzvah)

Critical

Synopsis

The remote IBM DB2 database server is vulnerable to multiple attack vectors.

Description

Versions of IBM DB2 10.1 earlier than Fix Pack 5 are potentially affected by multiple vulnerabilities:

- An unspecified flaw exists in the monitoring or audit facility due to passwords being stored when handling specially crafted commands. A remote, authenticated attacker can exploit this to access sensitive information. (CVE-2014-0919)
- A stack-based buffer overflow condition exists due to improper validation of user-supplied input when handling crafted 'ALTER MODULE' statements. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-3094)
- A flaw exists when handling a crafted 'UNION' clause in a subquery of a 'SELECT' statement. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2014-3095)
- A denial of service vulnerability exists when immediate 'AUTO_REVAL' is enabled. A remote, authenticated attacker can exploit this, via a crafted 'ALTER TABLE' statement, to crash the server. (CVE-2014-6159)
- A denial of service vulnerability exists when handling an identity column within a crafted 'ALTER TABLE' statement. A remote, authenticated attacker can exploit this to crash the server. (CVE-2014-6209)
- A denial of service vulnerability exists when handling multiple 'ALTER TABLE' statements that specify the same column. A remote, authenticated attacker can exploit this to crash the server. (CVE-2014-6210)
- A flaw exists that is triggered when handling specially crafted XML queries. A remote, authenticated attacker can exploit this to exhaust resources, resulting in a denial of service. (CVE-2014-8901)
- A flaw exists in the IBM Global Security Kit (GSKit) when handling RSA temporary keys in a non-export RSA key exchange ciphersuite. A man-in-the-middle attacker can exploit this to downgrade the session to a weaker EXPORT_RSA cipher, making it easier to monitor or tamper with the encrypted stream. (CVE-2015-0138)
- An unspecified flaw in the General Parallel File System (GPFS) allows a local attacker to gain root privileges. (CVE-2015-0197)
- A flaw exists in the General Parallel File System (GPFS), related to certain cipherList configurations, that allows a remote attacker, using specially crafted data, to bypass authentication and execute arbitrary programs with root privileges. (CVE-2015-0198)
- A denial of service vulnerability exists in the General Parallel File System (GPFS) that allows a local attacker to corrupt kernel memory by sending crafted ioctl character device calls to the mmfslinux kernel module. (CVE-2015-0199)
- A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack on the LSB values of the keystream, to decrypt the traffic. (CVE-2015-2808)
- An information disclosure vulnerability exists due to improper block cipher padding checks in TLSv1 when using Cipher Block Chaining (CBC) mode. A remote attacker can exploit this via a padding oracle side-channel attack to gain access to sensitive information. Note that this is a variation of the 'POODLE' attack.
- A double-free flaw exists in the CLI application. The issue is triggered because user-supplied input is not properly validated when handling client disconnects. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (OSVDB 125789)
- A flaw exists that is triggered when handling 'SUM' or 'GROUP BY' queries with a 'SUBSELECT' that contains unnest. This may allow an attacker to crash the database. (OSVDB 125797)
- An unspecified flaw exists in the 'sqldRemoveCachedTableEntry()' function that may allow an authenticated attacker to crash a DB2 instance. (OSVDB 125803)
- A flaw exists that is triggered because user-supplied input is not properly validated when handling Partial Aggregation operators (PED, PEA). This may allow an authenticated attacker to corrupt memory and cause a denial of service. (OSVDB 125804)
- A flaw exists because the program sets insecure 666 permissions on log files. This may allow a local attacker to manipulate logs. (OSVDB 125805)
- A flaw exists in the 'sqlex_find_group()' function in the handling of group names. The issue is triggered when the cumulative group name length returned for a user ID exceeds 64k. This may allow an authenticated attacker to crash the server. (OSVDB 125806)
- A flaw exists in the 'sqlsBinSortPopulateRecPointers()' function. The issue is triggered because user-supplied input is not properly validated when performing resettable sorts. This may allow an authenticated attacker to corrupt memory and cause a denial of service. (OSVDB 125812)
- A flaw exists that is triggered when handling generated tables with 'INSERT INTO' statements. This may allow an authenticated attacker to crash DB2. (OSVDB 125813)
- A flaw exists that is triggered when invoking runstats against a user temporary table while the index clause explicitly specifies index names but omits the index schema name. This may allow an authenticated attacker to cause a crash. (OSVDB 125814)
- A flaw exists in the DRDA communication protocol that is triggered during the handling of messages. This may allow an authenticated remote attacker to trigger a large memory overwrite. (OSVDB 125815)
- A flaw exists because the program insecurely loads binaries planted in a location that a SETGID or SETUID binary would execute from. This may allow a local attacker to gain root privileges. (OSVDB 144339)
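The affected range above is "10.1 below Fix Pack 5", and two of the listed issues (FREAK in GSKit, Bar Mitzvah in RC4) can be partially mitigated on the TLS side while the fix pack is being rolled out. The following is an added example, not part of the advisory or of any Tenable or IBM tooling: it parses the output of `db2level` to decide whether an instance falls into the affected range, and inspects the `SSL_CIPHERSPECS` value from `db2 get dbm cfg` for RC4 and EXPORT cipher specs. The sample `db2level` and `dbm cfg` text is constructed for the example (the build tokens and key database path are placeholders), and the assumption that an empty `SSL_CIPHERSPECS` means "all GSKit defaults, including RC4" is the author's reading of the parameter, not a statement from this page.

```python
import re
from typing import List, Optional

# Constructed sample of `db2level` output for a 10.1 Fix Pack 4 instance.
# The build tokens (s140509, IP23577) and paths are placeholders.
SAMPLE_DB2LEVEL = '''DB21085I  This instance or install (instance name, where applicable: "db2inst1") uses "64" bits and DB2 code release "SQL10014" with level identifier "0205010E".
Informational tokens are "DB2 v10.1.0.4", "s140509", "IP23577", and Fix Pack "4".
Product is installed at "/opt/ibm/db2/V10.1".
'''

# Constructed excerpt of `db2 get dbm cfg` output; the RC4 entry is deliberate.
SAMPLE_DBM_CFG = ''' SSL server keydb file                   (SSL_SVR_KEYDB) = /home/db2inst1/ssl/server.kdb
 SSL cipher specs                      (SSL_CIPHERSPECS) = TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
 SSL versions                             (SSL_VERSIONS) = TLSV1
'''

VERSION_RE = re.compile(r'"DB2 v(\d+)\.(\d+)\.(\d+)\.(\d+)"')
FIXPACK_RE = re.compile(r'Fix Pack "(\d+)"')
# `[ \t]*` rather than `\s*` so an empty value does not swallow the newline
# and capture the next configuration line instead.
CIPHERSPECS_RE = re.compile(r'\(SSL_CIPHERSPECS\)[ \t]*=[ \t]*(.*)$', re.MULTILINE)

# Cipher spec substrings relevant to this advisory: RC4 (Bar Mitzvah) and
# EXPORT-grade RSA (the downgrade target of the GSKit FREAK flaw).
WEAK_CIPHER_MARKERS = ("RC4", "EXPORT")


def parse_db2level(text: str) -> Optional[dict]:
    """Extract major/minor/mod/fixpack from db2level output, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, mod, fp_from_version = (int(x) for x in m.groups())
    # Prefer the explicit Fix Pack token; fall back to the fourth version digit.
    fp = FIXPACK_RE.search(text)
    fixpack = int(fp.group(1)) if fp else fp_from_version
    return {"major": major, "minor": minor, "mod": mod, "fixpack": fixpack}


def is_affected(info: dict) -> Optional[bool]:
    """True if DB2 10.1 below Fix Pack 5; None if the release is not 10.1
    (other releases are out of scope for this advisory, not known-clean)."""
    if (info["major"], info["minor"]) != (10, 1):
        return None
    return info["fixpack"] < 5


def weak_ciphers(dbm_cfg: str) -> List[str]:
    """Return the SSL_CIPHERSPECS entries that match a weak-cipher marker.

    An empty SSL_CIPHERSPECS is reported as a finding: the assumption here is
    that GSKit then negotiates from its default list, which on unpatched
    levels includes RC4 suites.
    """
    m = CIPHERSPECS_RE.search(dbm_cfg)
    if not m:
        return []
    value = m.group(1).strip()
    if not value:
        return ["<unset: GSKit default list>"]
    return [c.strip() for c in value.split(",")
            if any(k in c.upper() for k in WEAK_CIPHER_MARKERS)]


if __name__ == "__main__":
    info = parse_db2level(SAMPLE_DB2LEVEL)
    print("db2level:", info, "affected:", is_affected(info))
    print("weak cipher specs:", weak_ciphers(SAMPLE_DBM_CFG))
```

Removing RC4 and EXPORT specs from `SSL_CIPHERSPECS` (and restarting the instance) only narrows the TLS exposure; the GSKit key-exchange bug and the server-side crashes listed above are fixed by the fix pack itself, so the version check is the one that matters for closing the finding.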

Solution

Upgrade to IBM DB2 10.1 Fix Pack 5 or higher.