IBM DB2 9.5 < 9.5 Fix Pack 2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 4638

Synopsis

The remote IBM DB2 database server is affected by multiple vulnerabilities.

Description

The installation of IBM DB2 9.5 on the remote host does not have Fix Pack 2 applied and is affected by multiple vulnerabilities:

- An unspecified vulnerability in the way it deploys 'CLR Stored Procedures' for Visual Studio from IBM database add-ins. (JR28431)
- A buffer overflow condition in the DAS server code. (IZ22188)

Solution

Apply IBM DB2 Version 9.5 Fix Pack 2 or higher.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21293566

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489

http://www-01.ibm.com/support/docview.wss?uid=swg1JR28431

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22143

http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227

http://www.securityfocus.com/bid/30859

Plugin Details

Severity: High

ID: 4638

Family: Database

Published: 8/29/2008

Updated: 3/6/2019

Nessus ID: 34056

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Reference Information

CVE: CVE-2008-2154, CVE-2008-6821

BID: 30859, 35408, 35409