IBM DB2 9.5 < 9.5 Fix Pack 9 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 6347
The remote IBM DB2 database server is vulnerable to multiple attack vectors.
Versions of IBM DB2 9.5 earlier than Fix Pack 9 are potentially affected by multiple issues : - Incorrect, world-writable file permissions are in place for the file 'NODES.REG'. (IC79518) - An unspecified error can allow attacks to cause a denial of service via unspecified vectors. (IC76899) - A local user can exploit a vulnerability in the bundled IBM Tivoli Monitoring Agent (ITMA) to escalate their privileges. (IC79970) - An unspecified error in the DB2 Administration Server (DAS) can allow remote privilege escalation or denial of service via unspecified vectors. Note that this issue does not affect Windows hosts. (IC80728) - An authorized user with 'CONNECT' privileges from 'PUBLIC' can cause a denial of service via unspecified methods related to DB2's XML feature. (IC81379) - An authorized user with 'CONNECT' and 'CREATEIN' privileges on a database can perform unauthorized reads on tables. (IC81387)