
IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities

High

Synopsis

The remote IBM DB2 database server is vulnerable to multiple attack vectors.

Description

Versions of IBM DB2 10.5 earlier than Fix Pack 7 are potentially affected by multiple vulnerabilities:

- A flaw exists because the program sets insecure permissions on the Self Tuning Memory Manager (STMM) log file. This may allow a local attacker to read or write to log files. (OSVDB 132441)
- A flaw exists related to the improper building of binaries. This may allow a local attacker to plant a malicious library in a specific location to gain elevated privileges. (OSVDB 132442)
- A flaw exists in multiple methods that is triggered during the handling of queries. This may allow an authenticated attacker to crash the database. (OSVDB 132473)

Solution

Upgrade to IBM DB2 10.5 Fix Pack 7 or higher.