IBM DB2 10.5 < Fix Pack 8 / 11.x < 11.1 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9590

Synopsis

The remote IBM DB2 database server is vulnerable to multiple attack vectors.

Description

Versions of IBM DB2 10.5 prior to Fix Pack 8 and 11.x prior to 11.1 are potentially affected by multiple vulnerabilities :

- An unspecified flaw exists that may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.
- An unspecified flaw exists that may allow a local attacker to gain access to arbitrary memory locations. No further details have been provided by the vendor.
- An unspecified flaw exists that is triggered when dereferencing user pointers. This may allow a local attacker to crash the file system.
- A flaw exists in the 'DTDScanner::scanChildren()' function in 'validators/DTD/DTDScanner.cpp' that is triggered when handling user requests. With a specially crafted request, a context-dependent attacker can cause the application linked against the library to exhaust resources causing it to stop responding or crash.
- A flaw exists that is triggered when a local attacker sets environment variables that are processed by setuid programs. This may allow the attacker to execute commands with root privileges.
- A flaw exists that is triggered when a local attacker supplies command line parameters to setuid programs. This may allow the attacker to execute commands with root privileges.
- An overflow condition exists that is triggered as certain input is not properly validated. This may allow an authenticated remote attacker to cause a buffer overflow, potentially allowing them to bypass security restrictions and disclose sensitive information.
- A flaw exists that is due to the program insecurely loading binaries planted in a location that a SETGID or SETUID binary would execute. This may allow a local attacker to gain elevated, root privileges.
- A flaw exists in the 'SQLNP_SCOPE_TRIAL()' function that is triggered during the handling of SQL statements. This may allow an authenticated attacker to crash the database.
- Multiple flaws exist in the Query Compiler QGM that is triggered when handling specific queries. With a specially crafted query, an authenticated attacker can cause the database to crash.

Solution

Upgrade to IBM DB2 11.1 or higher. If 11.x cannot be obtained, 10.5 Fix Pack 8 has also been patched for these vulnerabilities.

See Also

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366

http://www-01.ibm.com/support/docview.wss?uid=swg21972152

http://www-01.ibm.com/support/docview.wss?uid=isg3T1022797

Plugin Details

Severity: Critical

ID: 9590

Family: Database

Published: 9/30/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.3

Temporal Score: 8.9

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Patch Publication Date: 9/17/2015

Vulnerability Publication Date: 9/17/2015

Reference Information

CVE: CVE-2015-4974, CVE-2015-4981, CVE-2015-7403, CVE-2016-0385, CVE-2016-2984, CVE-2016-2985, CVE-2016-4463, CVE-2016-5995

BID: 77025, 77027, 79805, 91501, 92408, 92410, 92505, 93012