IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9589

Synopsis

The remote IBM DB2 database server is affected by multiple attack vectors.

Description

Versions of IBM DB2 9.7 prior to Fix Pack 11 are potentially affected by multiple vulnerabilities:

- A flaw exists in the Query Compiler QGM that is triggered when handling duplicate reloc entry queries. This may allow an authenticated attacker to crash the database.
- A flaw exists in the 'SQLEX_FIND_GROUP()' function that is triggered during the handling of group name results. This may allow an authenticated attacker to crash the database.
- A flaw exists in the Query Compiler QGM that is triggered during the handling of 'DBCLOB' column types. This may allow an authenticated attacker to crash the database.
- A flaw exists in the 'SQLRA_GET_SECT_INFO_BY_CURSOR_NAME()' function in 'Relational Data Services' that is triggered during the handling of stored procedures. This may allow an authenticated attacker to crash the database.
- A flaw exists because the program insecurely loads binaries: a binary planted in a location that a SETGID or SETUID binary would execute gets run by it. This may allow a local attacker to gain elevated root privileges.

Solution

Upgrade to IBM DB2 9.7 Fix Pack 11 or higher.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21412438#11

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06778

Plugin Details

Severity: Medium

ID: 9589

Family: Database

Published: 9/30/2016

Updated: 3/6/2019

Nessus ID: 84828

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Patch Publication Date: 8/18/2016

Vulnerability Publication Date: 1/20/2016

Reference Information

CVE: CVE-2016-5995

BID: 93012