IBM DB2 9.5 < 9.5 Fix Pack 9 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 6347


The remote IBM DB2 database server is vulnerable to multiple attack vectors.


Versions of IBM DB2 9.5 earlier than Fix Pack 9 are potentially affected by multiple issues:

- Incorrect, world-writable file permissions are in place for the file 'NODES.REG'. (IC79518)
- An unspecified error can allow attackers to cause a denial of service via unspecified vectors. (IC76899)
- A local user can exploit a vulnerability in the bundled IBM Tivoli Monitoring Agent (ITMA) to escalate their privileges. (IC79970)
- An unspecified error in the DB2 Administration Server (DAS) can allow remote privilege escalation or denial of service via unspecified vectors. Note that this issue does not affect Windows hosts. (IC80728)
- An authorized user with 'CONNECT' privileges from 'PUBLIC' can cause a denial of service via unspecified methods related to DB2's XML feature. (IC81379)
- An authorized user with 'CONNECT' and 'CREATEIN' privileges on a database can perform unauthorized reads on tables. (IC81387)


Upgrade to IBM DB2 9.5 Fix Pack 9 or higher.

Plugin Details

Severity: Medium

ID: 6347

File Name: 6347.prm

Family: Database

Published: 2012/03/14

Modified: 2016/10/18

Dependencies: 9531

Nessus ID: 58293

Risk Information

Risk Factor: Medium


Base Score: 6

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 5

Temporal Score: 4.6


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2012/03/06

Vulnerability Publication Date: 2012/03/06

Reference Information

BID: 52326

IAVB: 2012-B-0030