IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 9200
The remote IBM DB2 database server is vulnerable to multiple attack vectors.
Versions of IBM DB2 10.5 earlier than Fix Pack 7 are potentially affected by multiple vulnerabilities : - A flaw exists that is due to the program setting insecure permissions for the Self Tuning Memory Manager (STMM) log file. This may allow a local attacker to read or write to log files. (OSVDB 132441) - A flaw exists related to the improper building of binaries. This may allow a local attacker plant a malicious library in a specific location to gain elevated privileges. (OSVDB 132442) - A flaw exists in multiple methods that is triggered during the handling of queries. This may allow an authenticated attacker to crash the database. (OSVDB 132473)