IBM DB2 < 8.1 Fix Pack 14 Multiple Vulnerabilities

Nessus Plugin ID 23937 (severity: Medium)

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

According to its version number, the IBM DB2 installation on the remote host may crash when it processes specially crafted SQLJRA packets, because the sqle_db2ra_as_recvrequest() function dereferences a NULL pointer. A remote attacker can send such packets without authenticating, denying service to legitimate users of the database.
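The bug class described above, a request handler that trusts that a parameter is present and dereferences the lookup result without checking it, is illustrated by the following added example. It is not DB2 code and does not reproduce the SQLJRA wire format or sqle_db2ra_as_recvrequest(): the TLV message layout, parameter codes, function names and sample packets are all hypothetical and constructed for the demonstration. The unsafe handler shows the crash pattern; the hardened handler returns an error code for the same malformed input instead of dereferencing NULL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request layout for illustration only (NOT the DB2 SQLJRA
 * format). A request is a sequence of TLV parameters:
 *     code (1 byte) | len (1 byte) | value (len bytes)
 * The handler needs the 4-byte parameter tagged PARAM_REQUEST_ID. */
#define PARAM_REQUEST_ID 0x10
#define PARAM_PAYLOAD    0x20

enum {
    RECV_OK                = 0,
    RECV_ERR_NO_REQUEST_ID = -1,   /* parameter absent or message truncated */
    RECV_ERR_BAD_LENGTH    = -2    /* parameter present but not 4 bytes    */
};

/* Locate a parameter by code. Returns a pointer to its value, or NULL when
 * the parameter is absent or a declared length runs past the end of the
 * message. The caller MUST check for NULL. */
static const uint8_t *find_param(const uint8_t *msg, size_t len,
                                 uint8_t code, size_t *out_len)
{
    size_t off = 0;
    while (off + 2 <= len) {
        uint8_t c = msg[off];
        size_t  l = msg[off + 1];
        if (off + 2 + l > len)
            return NULL;                     /* truncated parameter */
        if (c == code) {
            *out_len = l;
            return msg + off + 2;
        }
        off += 2 + l;
    }
    return NULL;                             /* not found */
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unsafe pattern: assumes the mandatory parameter is always there.
 * When an unauthenticated peer omits or truncates it, find_param()
 * returns NULL and the dereference below crashes the server process,
 * which is exactly a pre-authentication denial of service. */
uint32_t recv_request_unsafe(const uint8_t *msg, size_t len)
{
    size_t n = 0;
    const uint8_t *id = find_param(msg, len, PARAM_REQUEST_ID, &n);
    return be32(id);                          /* BUG: id may be NULL */
}

/* Hardened handler: every lookup result is validated before use, so a
 * malformed request is rejected with an error code instead of a crash. */
int recv_request(const uint8_t *msg, size_t len, uint32_t *request_id)
{
    size_t n = 0;
    const uint8_t *id = find_param(msg, len, PARAM_REQUEST_ID, &n);
    if (id == NULL)
        return RECV_ERR_NO_REQUEST_ID;
    if (n != 4)
        return RECV_ERR_BAD_LENGTH;
    *request_id = be32(id);
    return RECV_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t SAMPLE_GOOD[] = {
    PARAM_PAYLOAD, 2, 0xAA, 0xBB,
    PARAM_REQUEST_ID, 4, 0x00, 0x00, 0x01, 0x02   /* request id 258 */
};
static const uint8_t SAMPLE_NO_ID[]     = { PARAM_PAYLOAD, 2, 0xAA, 0xBB };
static const uint8_t SAMPLE_TRUNCATED[] = { PARAM_REQUEST_ID, 4, 0x00, 0x00 };

int main(void)
{
    uint32_t id = 0;
    printf("good:      rc=%d id=%u\n",
           recv_request(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &id), id);
    printf("no id:     rc=%d\n",
           recv_request(SAMPLE_NO_ID, sizeof SAMPLE_NO_ID, &id));
    printf("truncated: rc=%d\n",
           recv_request(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &id));
    /* recv_request_unsafe(SAMPLE_NO_ID, ...) would dereference NULL. */
    return 0;
}
```

Both handlers behave identically on the well-formed request; they differ only on the malformed ones, which is where the hardened version returns RECV_ERR_NO_REQUEST_ID and the unsafe version would crash. The same rule applies to any server-side parser: a lookup that can fail must have its result checked on every path, not just the ones the protocol specification says are mandatory.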

In addition, the fenced userid may be able to access directories for which it has not been granted authorization.

Solution

Apply IBM DB2 UDB Version 8.1 Fix Pack 14 or later.

See Also

https://www.trustwave.com/Company/AppSecInc-is-now-Trustwave/

http://www-1.ibm.com/support/docview.wss?uid=swg24014043

http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711

Plugin Details

Severity: Medium

ID: 23937

File Name: db2_81fp14.nasl

Version: 1.25

Type: remote

Family: Databases

Published: 12/23/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/6/2006

Reference Information

CVE: CVE-2006-6638, CVE-2007-1228

BID: 21646, 22729

CWE: 287