This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
The remote database server is affected by multiple vulnerabilities.
According to its version, the installation of IBM DB2 running on the
remote host is affected by one or more of the following issues :
- A local user may be able to overwrite arbitrary files,
create arbitrary world-writeable directories, or gain
root privileges via symlink attacks or specially
crafted environment variables. (IY98210 / IY99261)
- A user may be able to continue to execute a method even
once privileges for the method have been revoked.
(IY88226, version 8 only)
- There is an unspecified issue allowing for privilege
elevation when DB2 'execs' executables while running as
root. (IY98206 / IY98176)
- There is an unspecified vulnerability related to
incorrect authorization routines. (JR25940, version 8
- There is an unspecified vulnerability in
'AUTH_LIST_GROUPS_FOR_AUTHID'. (IZ01828, version 9.1
- There is an unspecified vulnerability in the 'db2licm'
and 'db2pd' tools. (IY97922 / IY97936)
- There is an unspecified vulnerability involving
'db2licd' and the 'OSSEMEMDBG' and 'TRC_LOG_FILE'
environment variables. (IY98011 / IY98101)
- There is a buffer overflow involving the 'DASPROF'
environment variable. (IY97346 / IY99311)
- There is an unspecified vulnerability that can arise
during instance and FMP startup. (IZ01923 / IZ02067)
- The DB2JDS service may allow for arbitrary code
execution without the need for authentication due to a
stack overflow in an internal sprintf() call.
(IY97750, version 8 only)
- The DB2JDS service is affected by two denial of service
issues that can be triggered by packets with an invalid
LANG parameter or a long packet, which cause the process
to terminate (version 8 only).
Note that there is currently insufficient information to determine to
what extent the first set of issues overlaps the others.
See also :
Apply IBM DB2 version 9 Fix Pack 3 / 8.1 Fix Pack 15 / 8.2 Fix Pack 8
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true
Nessus Plugin ID: 25905 (db2_9fp3.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now