Synopsis
The remote IBM DB2 database server is affected by multiple vulnerabilities.
Description
Versions of IBM DB2 9.7 earlier than Fix Pack 2 are potentially affected by multiple vulnerabilities:
- If the database configuration parameter 'AUTO_REVAL' is set to 'IMMEDIATE', system-granted privileges are not regenerated. (IC67008)
- 'Monitor Administrative Views' available in the SYSIBMADM schema are publicly viewable. (IC67819)
- A weakness in the SSL v3 / TLS protocol involving session renegotiation may allow an attacker to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks. (IC68055)
- By sending a specially crafted packet to Tivoli Monitoring Agent (KUDDB2) listening on TCP port 6014, it may be possible to trigger a denial of service condition. (IC68762)
Solution
Upgrade to IBM DB2 9.7 Fix Pack 2 or higher.