ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

58477

36890

36540

IC63548

IZ46658

IZ46773

IZ46774

http://www-01.ibm.com/support/docview.wss?uid=swg21386689

http://www-01.ibm.com/support/docview.wss?uid=swg21403619

http://www-01.ibm.com/support/docview.wss?uid=swg21426108

http://www-01.ibm.com/support/docview.wss?uid=swg21432298

According to its version, the installation of IBM DB2 9.5 running on the remote host is prior to 9.5 Fix Pack 6. It is, therefore, affected by one or more of the following issues :

  - The Install component on Linux, UNIX, and Windows     enforces an unintended limit on password length, which     makes it easier for attackers to obtain access via a     brute-force attack. (IC62856)     
  - The Security component logs AUDIT events by using a     USERID and an AUTHID value corresponding to the instance     owner, instead of a USERID and an AUTHID value     corresponding to the logged-in user account, which makes     it easier for remote, authenticated users to execute     Audit administration commands without discovery.
    (IC65184)

  - A privilege escalation vulnerability exists in the     DB2STST program (on Linux and Unix platforms only).     (IC65703)

  - A malicious user could use the DB2DART program to     overwrite files owned by the instance owner. (IC65756)

  - The scalar function REPEAT contains a buffer overflow     that a malicious user with a valid database connection     could manipulate, causing the DB2 server to trap.     (IC65933)

  - The Net Search Extender implementation in the Text     Search component does not properly handle an     alphanumeric Fuzzy search, which could allow a remote,     authenticated user to consume memory or even hang     the system via the 'db2ext.textSearch' function.
    (IC66613)

  - Special group and user enumeration operation on the DB2     server or DB2 Administrator Server (DAS) could trap     when running on Windows 2008. (IC66642)

  - A weakness in the SSL v3 / TLS protocol involving     session renegotiation may allow an attacker to inject     an arbitrary amount of plaintext into the beginning of     the application protocol stream, which could facilitate     man-in-the-middle attacks. (IC68054)

  - A memory leak in the Relational Data Services component,     when the connection concentrator is enabled, allows     remote, authenticated users to cause a denial of service     (heap memory consumption) by using a different code page     than the database server. (IC68182)

  - An unspecified remote buffer overflow vulnerability exists     in the DB2 administrative server. (IC70538)

  - The 'MODIFIED SQL DATA' table function is not dropped     when a definer loses required privileges to maintain     the objects. (IZ46774)

  - The DRDA Services component allows a remote,     authenticated user to cause the database server to     ABEND by using the client CLI on Linux, UNIX, or     Windows for executing a prepared statement with a large     number of parameter markers. (IZ56428)

  - The 'Query Compiler, Rewrite, Optimizer' component     allows remote, authenticated users to cause a denial of     service (CPU consumption) via a crafted query involving     certain UNION ALL views, leading to an indefinitely     large amount of compilation time. (IZ58417)

  - The Engine Utilities component uses world-writable     permissions for the 'sqllib/cfg/db2sprf' file, which     could allow a local user to gain privileges by modifying     this file. (IZ68463)

  - The audit facility in the Security component uses     instance-level audit settings to capture CONNECT and     AUTHENTICATION events in certain circumstances in which     database-level audit settings were intended, which might     make it easier for remote attackers to connect without     discovery. (JR34218)

  - A memory leak in the Relational Data Services component     allows remote, authenticated users to cause a denial of     service (heap memory consumption) by executing a user-     defined function (UDF) or stored procedure while using a     different code page than the database server. (LI75022)

Versions of IBM DB2 9.7 earlier than Fix Pack 2 are potentially affected by multiple vulnerabilities :

  -  If the database configuration parameter 'AUTO_REVAL' is set to 'IMMEDIATE', system granted privileges are note regenerated. (IC67008)
 - 'Monitor Administrative Views' available in the SYSIBMADM schema are publicly viewable. (IC67819)
 - A weakness in the SSL v3 / TLS protocol involving session renegotiation may allow an attacker to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks. (IC68055)
 - By sending a specially crafted packet to Tivoli Monitoring Agent (KUDDB2) listening on TCP port 6014, it may be possible to trigger a denial of service condition. (IC68762)

According to its version, the installation of IBM DB2 9.7 running on the remote host is affected by one or more of the following issues :

  - The 'MODIFIED SQL DATA' table function is not dropped     when a definer loses required privileges to maintain     the objects. (IC63548)

  - A privilege escalation vulnerability exists in the     DB2STST program (on Linux and Unix platforms only).     (IC65742)

  - A malicious user could use the DB2DART program to     overwrite files owned by the instance owner. (IC65762)

  - The scalar function REPEAT contains a buffer overflow     that a malicious user with a valid database connection     could manipulate, causing the DB2 server to trap.     (IC65935)

  - Special group and user enumeration operation on the DB2     server or DB2 Administrator Server (DAS) could trap     when running on Windows 2008. (IC66643)

  - It is possible to execute non-DDL statements even after     an user's DBADM authority has been revoked. (IC66815)

  - If the database configuration parameter 'AUTO_REVAL' is     set to 'IMMEDIATE', system granted privileges are not     regenerated. (IC67008)

  - 'Monitor Administrative Views' available in SYSIBMADM     schema are publicly viewable. (IC67819)

  - A weakness in the SSL v3 / TLS protocol involving     session renegotiation may allow an attacker to inject     an arbitrary amount of plaintext into the beginning of     the application protocol stream, which could facilitate     man-in-the-middle attacks. (IC68055)

  - By sending a specially crafted packet to the Tivoli     Monitoring Agent (KUDDB2), which listens on TCP port     6014 by default, it may be possible to trigger a denial     of service condition. (IC68762)

According to its version, the installation of IBM DB2 9.1 running on the remote host is affected by one or more of the following issues :

  - The 'MODIFIED SQL DATA' table function is not dropped     when a definer loses required privileges to maintain     the objects. (IZ46773)

  - A privilege escalation vulnerability exists in the     DB2STST program (on Linux and Unix platforms only).     (IC65408)

  - A malicious user could use the DB2DART program to     overwrite files owned by the instance owner. (IC65749)

  - A heap overflow vulnerability exists in the 'REPEAT'     scalar function. A remote attacker with a valid     database connection could exploit this issue to execute     arbitrary code subject to the privileges under which     the database service operates. (IC65922)

  - Special group and user enumeration operation on the DB2     server or DB2 Administrator Server (DAS) could trap     when running on Windows 2008. (IC66099)

  - A weakness in the SSL v3 / TLS protocol involving     session renegotiation may allow an attacker to inject     an arbitrary amount of plaintext into the beginning of     the application protocol stream, which could facilitate     man-in-the-middle attacks. (IC67848)

According to its version, the IBM DB2 server running on the remote host is prior to 9.1 Fix Pack 8. It is, therefore, affected by multiple vulnerabilities :

  - MODIFIED SQL DATA table function is not dropped even if     the maintainer does not have privileges to maintain the     objects. (IZ46773)

  - It may be possible for an unauthorized user to insert,     update, or delete rows in a table. (IZ50078)  
  - An user without 'SETSESSIONUSER' privilege can perform     'SET SESSION AUTHORIZATION'. (IZ55883)

  - The 'DASAUTO' command can be run by a non-privileged     user. (IZ40340)

According to its version, the installation of IBM DB2 9.1 on the remote host is affected by one or more of the following vulnerabilities : 

  - MODIFIED SQL DATA table function is not dropped when definer loses required privileges to maintain the objects. (IZ46773/IZ46774)
  - A user without sufficient privileges could insert, update, or delete rows in a table. (IZ50078/IZ50079)
  - A user can perform 'SET SESSION AUTHORIZATION' without 'SETSESSIONUSER' privilege. (IZ55883)

The IBM DB2 database server running on the remote host is prior to 9.5 Fix Pack 4. It is, therefore, affected by  multiple issues :

  - It may be possible to connect to DB2 servers without     valid passwords, provided LDAP-based authentication     is used and the remote LDAP server is configured to     allow anonymous binds. (JR32268)

  - It may be possible to trigger a denial of service     condition by sending malicious 'connect' data stream.
    (IZ37697)

  - By connecting to a DB2 server using a third-party DRDA     client that uses IPV6 address format of the correlation     token, it may be possible to crash the remote DB2     server. (IZ38874)

  - MODIFIED SQL DATA table function is not dropped even if     the maintainer does not have privileges to maintain the     objects. (IZ46774)

  - The 'DASAUTO' command can be run by a non-privileged     user. (IZ40352)

  - It may be possible for an unauthorized user to insert,     update, or delete rows in a table. (IZ50079)

ID	Name	Product	Family	Severity
49120	IBM DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities	Nessus	Databases	critical
5556	IBM DB2 9.7 < 9.7 Fix Pack 2 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
46766	IBM DB2 9.7 < Fix Pack 2 Multiple Vulnerabilities	Nessus	Databases	medium
46173	IBM DB2 9.1 < Fix Pack 9 Multiple Vulnerabilities	Nessus	Databases	medium
42044	IBM DB2 9.1 < Fix Pack 8 Multiple Vulnerabilities	Nessus	Databases	medium
5190	IBM DB2 9.1 < 9.1 Fix Pack 8 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
39007	IBM DB2 < 9.5 Fix Pack 4 Multiple Vulnerabilities	Nessus	Databases	medium

CVE-2009-3471

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

medium

medium

medium

medium

medium

medium