IBM DB2 9.7 < 9.7 Fix Pack 2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5556


The remote IBM DB2 database server is affected by multiple vulnerabilities.


Versions of IBM DB2 9.7 earlier than Fix Pack 2 are potentially affected by multiple vulnerabilities:

- If the database configuration parameter 'AUTO_REVAL' is set to 'IMMEDIATE', system-granted privileges are not regenerated. (IC67008)
- 'Monitor Administrative Views' available in the SYSIBMADM schema are publicly viewable. (IC67819)
- A weakness in the SSL v3 / TLS protocol involving session renegotiation may allow an attacker to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks. (IC68055)
- By sending a specially crafted packet to Tivoli Monitoring Agent (KUDDB2) listening on TCP port 6014, it may be possible to trigger a denial of service condition. (IC68762)


Upgrade to IBM DB2 9.7 Fix Pack 2 or higher.

Plugin Details

Severity: Medium

ID: 5556

File Name: 5556.prm

Family: Database

Published: 2010/06/01

Modified: 2017/02/02

Dependencies: 9531

Nessus ID: 46766

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 4.8

Temporal Score: 4.2


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2010/05/28

Vulnerability Publication Date: 2010/05/28

Reference Information

CVE: CVE-2009-3471, CVE-2009-3555, CVE-2010-0462, CVE-2010-0472, CVE-2010-3193, CVE-2010-3194, CVE-2010-3195, CVE-2010-3196, CVE-2010-3197, CVE-2011-0757

BID: 36540, 36935, 37976, 38018, 40446

IAVA: 2011-A-0066