Detections
Analytics
IBM DB2 8.1 < Fix Pack 18 Multiple Vulnerabilities
medium Nessus Plugin ID 40662
Language:
Synopsis
The remote database server is affected by multiple vulnerabilities.Description
According to its version, the installation of IBM DB2 8.1 running on the remote host is affected by one or more of the following issues :- A local attacker may be able to gain write access to an arbitrary file using DAS, which could lead to gaining root privileges. (IZ34149)
- It may be possible to crash the server by sending specially crafted packets to the 'DB2JDS' service. (IZ52433)
- The security component in UNIX installs is affected by a private memory leak. (IZ35635)
- The 'DASAUTO' command can be run by a non-privileged user. (IZ40343)
Solution
Apply IBM DB2 UDB version 8.1 Fix Pack 18 or later.See Also
https://www.securityfocus.com/archive/1/507237/30/0/threaded
http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21255352
https://www-01.ibm.com/support/docview.wss?uid=swg1IZ34149
https://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433
Plugin Details
Severity: Medium
ID: 40662
File Name: db2_81fp18.nasl
Version: 1.18
Type: remote
Family: Databases
Published: 8/20/2009
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:db2
Exploit Ease: No known exploits are available
Patch Publication Date: 8/14/2009
Vulnerability Publication Date: 8/14/2009
Reference Information
CVE: CVE-2009-2858, CVE-2009-2859, CVE-2009-2860
BID: 36059