DB2 < 8 FixPak 17 Multiple Vulnerabilities (deprecated)

high Nessus Network Monitor Plugin ID 4680

Synopsis

The remote database server is affected by multiple issues.

Description

According to its version, the installation of DB2 on the remote host is affected by multiple issues:

- By sending malicious DB2 UDB v7 client CONNECT/DETACH requests, it may be possible to crash the remote DB2 server (IZ08134).

- An unspecified vulnerability related to 'DB2FMP' exists in DB2 (IZ20350).

- By sending malicious packets to 'DB2JDS', it may be possible to crash the remote DB2 server (JR29274).

- While running on Windows, 'DB2FMP' runs with OS privileges (JR30228).

- DAS server code is affected by a buffer overflow vulnerability (IZ22004).

- Using INSTALL_JAR, it may be possible to create and overwrite critical files on the system (IZ22142).

Solution

Apply DB2 UDB Version 8 FixPak 17 or higher.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg21255352

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ08134

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ20350

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22142

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287

http://www-01.ibm.com/support/docview.wss?uid=swg1JR29274

http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228

http://www-01.ibm.com/support/docview.wss?uid=swg21255352

Plugin Details

Severity: High

ID: 4680

Family: Database

Published: 9/16/2008

Updated: 3/6/2019

Nessus ID: 34195

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2154, CVE-2008-3856, CVE-2008-3958, CVE-2008-3960, CVE-2008-6820, CVE-2008-6821

BID: 31058, 35408, 35409