Detections
Analytics
IBM DB2 < 8 Fix Pack 7a Multiple Vulnerabilities
critical Nessus Plugin ID 15486
Language:
Synopsis
The remote database server is affected by multiple vulnerabilities.Description
The remote host is running a vulnerable version of IBM DB2.There are multiple remote buffer overflow vulnerabilities in this version that could allow an attacker to cause a denial of service, or possibly execute arbitrary code.
Solution
Upgrade to IBM DB2 V8 Fix Pack 7a or later.See Also
http://www.ngssoftware.com/advisories/db223122004K.txt
https://seclists.org/vulnwatch/2004/q3/36
https://seclists.org/bugtraq/2004/Dec/353
https://seclists.org/bugtraq/2005/Jan/28
https://seclists.org/bugtraq/2005/Jan/31
https://seclists.org/bugtraq/2005/Jan/32
https://seclists.org/bugtraq/2005/Jan/33
https://seclists.org/bugtraq/2005/Jan/34
https://seclists.org/bugtraq/2005/Jan/35
Plugin Details
Severity: Critical
ID: 15486
File Name: db2_multiple_vulns.nasl
Version: 1.36
Type: remote
Family: Databases
Published: 10/17/2004
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.2
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:ibm:db2
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 9/1/2004
Reference Information
CVE: CVE-2004-1372, CVE-2005-0417, CVE-2005-4863, CVE-2005-4864, CVE-2005-4865, CVE-2005-4866, CVE-2005-4867, CVE-2005-4868, CVE-2005-4869, CVE-2005-4870, CVE-2005-4871
BID: 11089, 11327, 11390, 11396, 11397, 11398, 11399, 11400, 11401, 11402, 11403, 11404, 11405, 12170, 12508, 12509, 12510, 12511, 12512, 12514