IBM DB2 9.x < 9 Fix Pack 5 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 4536


The remote IBM DB2 database server is affected by multiple vulnerabilities.


According to its version, the installation of IBM DB2 on the remote host is affected by one or more of the following vulnerabilities :

- There is an unspecified security vulnerability related to a 'DB2FMP' process (IZ20352).
- There is an unspecified security vulnerability in a CLR-stored procedure deployment from IBM Database Add-Ins for Visual Studio (JR28432).
- The password used to connect to the database can be seen in plaintext in a memory dump (JR27422).
- There is a possible stack variable overrun in 'SQLRLAKA()' (IZ16346).
- A local privilege escalation vulnerability via file creation can result in root-level access (IZ12735).
- There are possible buffer overflows involving 'XQUERY', 'XMLQUERY', 'XMLEXISTS', and 'XMLTABLE' (IZ18434).


Upgrade to IBM DB2 9.1 Fix Pack 6 or higher.

See Also

Plugin Details

Severity: Critical

ID: 4536

File Name: 4536.prm

Family: Database

Published: 2004/08/18

Modified: 2016/11/23

Dependencies: 9531

Nessus ID: 33128

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 9.8

Temporal Score: 8.5


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2154, CVE-2008-6821, CVE-2008-1966, CVE-2008-3852, CVE-2008-3853, CVE-2008-3854, CVE-2008-3855, CVE-2008-3856, CVE-2008-3857, CVE-2008-3858

BID: 29601, 35408, 35409