Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

DB2 < 8.1 FixPak 16 Multiple Vulnerabilities (deprecated)

High

Synopsis

The remote database server is affected by multiple issues.

Description

According to its version, the installation of DB2 on the remote host is affected by one or more of the following issues :

- A local user may be able to gain root privileges using the 'db2pd' tool (IZ03546). - The 'b2dart' tool executes a TPUT command that effectively allows users to run commands as the DB2 instance owner (IZ03647). - A buffer overflow and invalid memory access vulnerability exists in the DAS server code (IZ05496). - An unspecified vulnerability in 'SYSPROC.ADMIN_SP_C' (IZ06972). - An unspecified vulnerability exists due to incorrect authorization checking in 'ALTER TABLE' statements (IZ07337).

Solution

Upgrade or patch according to vendor recommendations.