Detections
Analytics
IBM DB2 9.7 < FP11 Special Build 38744 / 10.1 < FP6 Special Build 38745 / 10.5 < FP10 Special Build 38746 / 11.1 < M4FP5 Buffer Overflow Vulnerability (UNIX)
high Nessus Plugin ID 126635
Language:
Synopsis
The remote database server is affected by a local privilege escalation vulnerability.Description
According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to Fix Pack 11 Special Build 38744, 10.1 prior to Fix Pack 6 Special Build 38745, 10.5 prior to Fix Pack 10 Special Build 38746, or 11.1 prior to Mod 4 Fix Pack 5. It is, therefore, affected by a local privilege escalation vulnerability due to multiple buffer overflow vulnerabilities in DB2.Solution
Apply the appropriate IBM DB2 Fix Pack or Special Build based on the most recent fix pack level for your branch.See Also
http://www.nessus.org/u?08deaf85
http://www.nessus.org/u?2d40f485
http://www.nessus.org/u?6dbf8ac9
http://www.nessus.org/u?88af628b
Plugin Details
Severity: High
ID: 126635
File Name: db2_1114fp4a_nix.nasl
Version: 1.6
Type: local
Agent: windows, macosx, unix
Family: Databases
Published: 7/12/2019
Updated: 7/26/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-4014
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:db2
Required KB Items: installed_sw/DB2 Server
Excluded KB Items: SMB/db2/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 6/27/2019
Vulnerability Publication Date: 6/27/2019
Reference Information
CVE: CVE-2019-4014, CVE-2019-4101, CVE-2019-4102, CVE-2019-4154, CVE-2019-4322, CVE-2019-4386