|
Family: Databases --> Category: infos
DB2 < 9 Fixpack 2 Vulnerability Scan
Vulnerability Scan Summary Checks DB2 signature
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote database server is affected by multiple issues.
Description :
According to its version, the installation of DB2 on the remote host
allows unsafe access to several setuid-root binaries. A local user
may be able to leverage this to crash the affected database server or
possibly even gain root-level access.
In addition, the fenced userid may be able to access directories
without proper authorization.
See also :
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=480
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0521.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0523.html
http://www-1.ibm.com/support/docview.wss?uid=swg21255745
http://www-1.ibm.com/support/docview.wss?uid=swg21255747
http://www-1.ibm.com/support/docview.wss?uid=swg1IY86711
Solution :
Apply DB2 Version 9 FixPak 2 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|