
IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities

Medium

Synopsis

The remote IBM DB2 database server is affected by multiple vulnerabilities.

Description

Versions of IBM DB2 9.7 prior to Fix Pack 11 are potentially affected by multiple vulnerabilities:

- A flaw exists in the query compiler QGM that is triggered when handling duplicate reloc entry queries. This may allow an authenticated attacker to crash the database. (OSVDB 143470)
- A flaw exists in the 'SQLEX_FIND_GROUP()' function that is triggered during the handling of group name results. This may allow an authenticated attacker to crash the database. (OSVDB 143471)
- A flaw exists in the Query Compiler QGM that is triggered during the handling of 'DBCLOB' column types. This may allow an authenticated attacker to crash the database. (OSVDB 143501)
- A flaw exists in the 'SQLRA_GET_SECT_INFO_BY_CURSOR_NAME()' function in 'Relational Data Services' that is triggered during the handling of stored procedures. This may allow an authenticated attacker to crash the database. (OSVDB 143503)
- A flaw exists that is due to the program insecurely loading binaries planted in a location that a SETGID or SETUID binary would execute. This may allow a local attacker to gain elevated, root privileges. (OSVDB 144339)

Solution

Upgrade to IBM DB2 9.7 Fix Pack 11 or higher.