IBM DB2 9.1 < 9.1 Fix Pack 2 Multiple Vulnerabilities

Severity: High. Nessus Network Monitor Plugin ID 3921

Synopsis

The remote IBM DB2 database server is affected by multiple vulnerabilities.

Description

According to its version, the installation of IBM DB2 9.1 on the remote host is reportedly vulnerable to a number of local flaws, the most serious of which is a local buffer overflow. Exploiting these flaws requires local access to the DB2 server. Successful exploitation would allow the attacker to execute arbitrary code.

Solution

Upgrade to IBM DB2 9.1 Fix Pack 2 or higher.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg21255747

Plugin Details

Severity: High

ID: 3921

Family: Database

Published: 2/23/2007

Updated: 3/6/2019

Nessus ID: 24699

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.4

Temporal Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Reference Information

CVE: CVE-2007-1086, CVE-2007-1087, CVE-2007-1088, CVE-2007-1228

BID: 22729, 22677