IBM DB2 9.5 < 9.5 Fix Pack 2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 4638

Synopsis

The remote IBM DB2 database server is affected by multiple vulnerabilities.

Description

The installation of IBM DB2 9.5 on the remote host does not have Fix Pack 2 applied and is affected by multiple vulnerabilities:

- An unspecified vulnerability in the way it deploys 'CLR Stored Procedures' for Visual Studio from IBM database add-ins (JR28431).
- A buffer overflow condition in the DAS server code (IZ22188).

Solution

Apply IBM DB2 Version 9.5 Fix Pack 2 or higher.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21293566

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489

http://www-01.ibm.com/support/docview.wss?uid=swg1JR28431

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143

http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227

http://www.securityfocus.com/bid/30859

Plugin Details

Severity: High

ID: 4638

File Name: 4638.prm

Family: Database

Published: 2008/08/29

Modified: 2016/11/23

Dependencies: 9531

Nessus ID: 34056

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2154, CVE-2008-6821

BID: 30859, 35408, 35409