IBM DB2 9.5 < 9.5 Fix Pack 1 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 4612

Synopsis

The remote IBM DB2 database server is affected by multiple attack vectors.

Description

The installation of IBM DB2 on the remote host 9.5 is prior to Fix Pack 1 and is affected by one or more of the following vulnerabilities :

- There is a security vulnerability in the 'NNSTAT' procedure on Windows platforms that allows low-privileged users to overwrite arbitrary files (IZ10776)
- There is a security vulnerability in the 'SYSPROC.ADMIN_SP_C' procedure on Windows platforms that allows users to load arbitrary libraries and execute arbitrary code in the system (IZ10917)
- An unspecified vulnerability affects 'DB2WATCH' and 'DB2FREEZE' on Solaris platforms (IZ12994)
- A flaw exists as the db2ls command creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the FILE file to cause the program to unexpectedly write to any file on the system. (IZ14939)
- An authenticated remote user can cause the DB2 instance to crash by passing specially crafted parameters to the 'RECOVERJAR' and 'REMOVE_JAR' procedures (IZ15496)
- There is an internal buffer overflow vulnerability in the DAS process that could allow arbitrary code execution on the affected host (IZ12406)
- A local attacker can create arbitrary files as root on Unix and Linux platforms using symlinks to the 'dasRecoveryIndex', 'dasRecoveryIndex.tmp', '.dasRecoveryIndex.lock', and 'dasRecoveryIndex.cor' files during initialization (IZ12798)
- There is a security vulnerability related to a failure to switch the owner of the 'db2fmp' process affecting Unix and Linux platforms (IZ19155)
- When a memory dump occurs, the password used to connect to the database remains visible in clear text in memory (JR28314)

Solution

Apply IBM DB2 Version 9.5 Fix Pack 1 or higher.

See Also

http://www.securityfocus.com/archive/1/491071/100/0/threaded

http://www.securityfocus.com/archive/1/491073/100/0/threaded

http://www.securityfocus.com/archive/1/491075/100/0/threaded

http://www.securityfocus.com/archive/1/496406/30/0/threaded

http://www.securityfocus.com/archive/1/496405/30/0/threaded

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10776

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12406

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12798

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18431

http://www-1.ibm.com/support/docview.wss?uid=swg1IZ19155

http://www-1.ibm.com/support/docview.wss?uid=swg1JR28314

http://www-1.ibm.com/support/docview.wss?uid=swg1JR28431

http://www-1.ibm.com/support/docview.wss?uid=swg21287889

http://www.securityfocus.com/archive/1/archive/1/491071/100/0/threaded

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ14939

Plugin Details

Severity: High

ID: 4612

File Name: 4612.prm

Family: Database

Published: 2008/08/04

Modified: 2017/02/09

Dependencies: 9531

Nessus ID: 33763

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.7

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-1966, CVE-2008-1997, CVE-2008-1998

BID: 28835, 28836, 28843