IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9200

Synopsis

The remote IBM DB2 database server is vulnerable to multiple attack vectors.

Description

Versions of IBM DB2 10.5 earlier than Fix Pack 7 are potentially affected by multiple vulnerabilities :

- A flaw exists that is due to the program setting insecure permissions for the Self Tuning Memory Manager (STMM) log file. This may allow a local attacker to read or write to log files.
- A flaw exists related to the improper building of binaries. This may allow a local attacker plant a malicious library in a specific location to gain elevated privileges.
- A flaw exists in multiple methods that is triggered during the handling of queries. This may allow an authenticated attacker to crash the database.

Solution

Upgrade to IBM DB2 10.5 Fix Pack 7 or higher.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21633303

http://www.ibm.com/support/docview.wss?uid=swg1IT07810

http://www.ibm.com/support/docview.wss?uid=swg1IT04378

http://www.ibm.com/support/docview.wss?uid=swg1IT07660

http://www.ibm.com/support/docview.wss?uid=swg1IT10766

http://www.ibm.com/support/docview.wss?uid=swg1IT10590

http://www.ibm.com/support/docview.wss?uid=swg1IT08116

http://www.ibm.com/support/docview.wss?uid=swg1IT07276

http://www.ibm.com/support/docview.wss?uid=swg1IT09584

http://www.ibm.com/support/docview.wss?uid=swg1IT10949

http://www.ibm.com/support/docview.wss?uid=swg1IT08650

http://www.ibm.com/support/docview.wss?uid=swg1IT10769

http://www-01.ibm.com/support/docview.wss?uid=swg21647054#7

http://www-01.ibm.com/support/docview.wss?uid=swg21974446

http://www-01.ibm.com/support/docview.wss?uid=swg21967131

http://www-01.ibm.com/support/docview.wss?uid=swg21970376

http://www-01.ibm.com/support/docview.wss?uid=swg21972564

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08755

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08751

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08754

https://www-304.ibm.com/support/docview.wss?uid=nas8N1021188

http://www.ibm.com/support/docview.wss?uid=swg1IT08753

Plugin Details

Severity: High

ID: 9200

Family: Database

Published: 2016/04/15

Updated: 2019/03/06

Dependencies: 9532

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 8.4

Temporal Score: 8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:infosphere_biginsights

Patch Publication Date: 2015/12/30

Vulnerability Publication Date: 2015/12/30

Reference Information

CVE: CVE-2015-1947