DB2 < 8 FixPak 17 Multiple Vulnerabilities (deprecated)

High Nessus Network Monitor Plugin ID 4680

Synopsis

The remote database server is affected by multiple issues.

Description

According to its version, the installation of DB2 on the remote host is affected by multiple issues:

- By sending malicious DB2 UDB v7 client CONNECT/DETACH requests, it may be possible to crash the remote DB2 server (IZ08134).

- An unspecified vulnerability related to 'DB2FMP' exists in DB2 (IZ20350).

- By sending malicious packets to 'DB2JDS', it may be possible to crash the remote DB2 server (JR29274).

- When running on Windows, 'DB2FMP' runs with OS privileges (JR30228).

- The DAS server code is affected by a buffer overflow vulnerability (IZ22004).

- Using INSTALL_JAR, it may be possible to create and overwrite critical files on the system (IZ22142).

Solution

Apply DB2 UDB Version 8 FixPak 17 or higher.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg21255352

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ08134

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ20350

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287

http://www-01.ibm.com/support/docview.wss?uid=swg1JR29274

http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228

http://www-01.ibm.com/support/docview.wss?uid=swg21255352

Plugin Details

Severity: High

ID: 4680

Family: Database

Published: 2008/09/16

Modified: 2016/01/15

Nessus ID: 34195

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-3856, CVE-2008-6820, CVE-2008-6821, CVE-2008-2154, CVE-2008-3958, CVE-2008-3960

BID: 31058, 35408, 35409