IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9200


The remote IBM DB2 database server is vulnerable to multiple attack vectors.


Versions of IBM DB2 10.5 earlier than Fix Pack 7 are potentially affected by multiple vulnerabilities:

- A flaw exists because the program sets insecure permissions on the Self Tuning Memory Manager (STMM) log file. This may allow a local attacker to read or write to log files. (OSVDB 132441)
- A flaw exists related to the improper building of binaries. This may allow a local attacker to plant a malicious library in a specific location to gain elevated privileges. (OSVDB 132442)
- A flaw exists in multiple methods that is triggered during the handling of queries. This may allow an authenticated attacker to crash the database. (OSVDB 132473)


Upgrade to IBM DB2 10.5 Fix Pack 7 or higher.

Plugin Details

Severity: High

ID: 9200

File Name: 9200.prm

Family: Database

Published: 2016/04/15

Modified: 2016/11/23

Dependencies: 9532

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


CVSS v3

Base Score: 8.4

Temporal Score: 8


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2015/12/30

Vulnerability Publication Date: 2015/12/30

Reference Information

CVE: CVE-2015-1947

OSVDB: 132441, 132442, 132473