Detections
Analytics
IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 9589
Synopsis
The remote IBM DB2 database server is affected by multiple attack vectors.Description
Versions of IBM DB2 9.7 prior to Fix Pack 11 are potentially affected by multiple vulnerabilities :- A flaw exists in the query compiler QGM that is triggered when handling duplicate reloc entry queries. This may allow an authenticated attacker to crash the database.
- A flaw exists in the 'SQLEX_FIND_GROUP()' function that is triggered during the handling of group name results. This may allow an authenticated attacker to crash the database.
- A flaw exists in the Query Compiler QGM that is triggered during the handling of 'DBCLOB' column types. This may allow an authenticated attacker to crash the database.
- A flaw exists in the 'SQLRA_GET_SECT_INFO_BY_CURSOR_NAME()' function in 'Relational Data Services' that is triggered during the handling of stored procedures. This may allow an authenticated attacker to crash the database.
- A flaw exists that is due to the program insecurely loading binaries planted in a location that a SETGID or SETUID binary would execute. This may allow a local attacker to gain elevated, root privileges.
Solution
Upgrade to IBM DB2 9.7 Fix Pack 11 or higher.See Also
http://www-01.ibm.com/support/docview.wss?uid=swg21412438#11
Plugin Details
Severity: Medium
ID: 9589
Family: Database
Published: 9/30/2016
Updated: 3/6/2019
Nessus ID: 84828
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 6.2
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:db2
Patch Publication Date: 8/18/2016
Vulnerability Publication Date: 1/20/2016
Reference Information
CVE: CVE-2016-5995
BID: 93012