Detections
Analytics
IBM DB2 10.5 < Fix Pack 4 Multiple Vulnerabilities
high Nessus Plugin ID 77571
Language:
Synopsis
The remote database server is affected by multiple vulnerabilities.Description
According to its version, the installation of IBM DB2 10.5 running on the remote host is affected by the following vulnerabilities :- An error exists related to JavaScript Object Notation (JSON-C) handling, string parsing, and the hash function that allows denial of service attacks. (CVE-2013-6371)
- A buffer overflow error exists related to handling 'ALTER MODULE' statements that could lead to server crashes or arbitrary code execution. (CVE-2014-3094)
- An error exists related to handling 'SELECT' statements having subqueries using 'UNION' that allows denial of service attacks. (CVE-2014-3095)
- An error exists related to Columnar Data Engine (CDE) tables and 'LOAD' statement handling that allows local information disclosure. (CVE-2014-4805)
Solution
Apply IBM DB2 version 10.5 Fix Pack 4 or later.See Also
https://www-304.ibm.com/support/docview.wss?uid=swg21681723
http://www-01.ibm.com/support/docview.wss?uid=swg21647054#4
http://www-01.ibm.com/support/docview.wss?uid=swg24038261
http://www-01.ibm.com/support/docview.wss?uid=swg1IT02201
Plugin Details
Severity: High
ID: 77571
File Name: db2_105fp4.nasl
Version: 1.8
Type: remote
Family: Databases
Published: 9/9/2014
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 8.5
Temporal Score: 6.3
Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:db2
Exploit Ease: No known exploits are available
Patch Publication Date: 8/29/2014
Vulnerability Publication Date: 4/9/2014
Reference Information
CVE: CVE-2013-6371, CVE-2014-3094, CVE-2014-3095, CVE-2014-4805