IBM DB2 < 9 Fix Pack 3 / 8 Fix Pack 15 Multiple Vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

According to its version, the installation of IBM DB2 running on the
remote host is affected by one or more of the following issues :

- A local user may be able to overwrite arbitrary files,
create arbitrary world-writeable directories, or gain
root privileges via symlink attacks or specially
crafted environment variables. (IY98210 / IY99261)

- A user may be able to continue executing a method even
after privileges for the method have been revoked.
(IY88226, version 8 only)

- There is an unspecified issue allowing for privilege
elevation when DB2 'execs' executables while running as
root. (IY98206 / IY98176)

- There is an unspecified vulnerability related to
incorrect authorization routines. (JR25940, version 8

- There is an unspecified vulnerability in
'AUTH_LIST_GROUPS_FOR_AUTHID'. (IZ01828, version 9.1

- There is an unspecified vulnerability in the 'db2licm'
and 'db2pd' tools. (IY97922 / IY97936)

- There is an unspecified vulnerability involving
'db2licd' and the 'OSSEMEMDBG' and 'TRC_LOG_FILE'
environment variables. (IY98011 / IY98101)

- There is a buffer overflow involving the 'DASPROF'
environment variable. (IY97346 / IY99311)

- There is an unspecified vulnerability that can arise
during instance and FMP startup. (IZ01923 / IZ02067)

- The DB2JDS service may allow for arbitrary code
execution without the need for authentication due to a
stack overflow in an internal sprintf() call.
(IY97750, version 8 only)

- The DB2JDS service is affected by two denial-of-service
issues that can be triggered by packets with an invalid
LANG parameter or by a long packet, either of which causes
the process to terminate (version 8 only).

Note that there is currently insufficient information to determine to
what extent the first set of issues overlaps the others.

Solution :

Apply IBM DB2 version 9 Fix Pack 3 / 8.1 Fix Pack 15 / 8.2 Fix Pack 8
or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true
