Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

DB2 < 8 FixPak 17 Multiple Vulnerabilities (deprecated)

High

Synopsis

The remote database server is affected by multiple issues.

Description

According to its version, the installation of DB2 on the remote host is affected by multiple issues :

- By sending a malicious DB2 UDB v7 client CONNECT/DETACH requests it may be possible to crash the remote DB2 server (IZ08134).

- An unspecified vulnerability related to 'DB2FMP' exists in DB2 (IZ20350).

- By sending malicious packets to 'DB2JDS', it may be possible to crash the remote DB2 server (JR29274).

- While running on Windows 'DB2FMP' runs with OS privileges (JR30228).

- DAS server code is affected by a buffer overflow vulnerability (IZ22004).

- Using INSTALL_JAR it may be possible to create and overwrite critical files on the system (IZ22142).

Solution

Apply DB2 UDB Version 8 FixPak 17 or higher.