Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.801522 |
Category: | Databases |
Title: | IBM Db2 Multiple Vulnerabilities (Oct10) |
Summary: | IBM DB2 is prone to multiple vulnerabilities. |
Description: | Summary: IBM DB2 is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error in 'Install' component, which enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. - A buffer overflow in the 'Administration Server' component, which allows an attacker to cause a denial of service via unspecified vectors. - An error in 'DRDA Services' component, which allows remote authenticated users to cause a denial of service. - The 'Engine Utilities' component uses world-writable permissions for the 'sqllib/cfg/db2sprf' file, which allows local users to gain privileges by modifying this file. - A memory leak in the 'Relational Data Services' component, when the connection concentrator is enabled. - The 'Query Compiler, Rewrite, Optimizer' component, allows remote authenticated users to cause a denial of service (CPU consumption). - The 'Security' component logs 'AUDIT' events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account. - The 'Net Search Extender' (NSE) implementation in the Text Search component does not properly handle an alphanumeric Fuzzy search. - The audit facility in the 'Security' component uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended. Vulnerability Impact: Successful exploitation will allow attackers to bypass security restrictions, gain knowledge of sensitive information or cause a denial of service. Affected Software/OS: IBM Db2 versions 9.5 before Fix Pack 6a. Solution: Update Db2 version 9.5 Fix Pack 6a. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-3734 AIX APAR: IC62856 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764 Common Vulnerability Exposure (CVE) ID: CVE-2010-3731 AIX APAR: IC69986 http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986 AIX APAR: IC70538 http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538 AIX APAR: IC70539 http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539 BugTraq ID: 46077 http://www.securityfocus.com/bid/46077 http://www.zerodayinitiative.com/advisories/ZDI-11-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687 http://secunia.com/advisories/41686 http://www.vupen.com/english/advisories/2010/2544 Common Vulnerability Exposure (CVE) ID: CVE-2010-3732 AIX APAR: IZ56428 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219 Common Vulnerability Exposure (CVE) ID: CVE-2010-3733 AIX APAR: IZ68463 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707 Common Vulnerability Exposure (CVE) ID: CVE-2010-3736 AIX APAR: IC68182 http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859 Common Vulnerability Exposure (CVE) ID: CVE-2010-3735 AIX APAR: IZ58417 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736 Common Vulnerability Exposure (CVE) ID: CVE-2010-3737 AIX APAR: LI75022 http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567 Common Vulnerability Exposure (CVE) ID: CVE-2010-3738 AIX APAR: IC65184 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488 Common Vulnerability Exposure (CVE) ID: CVE-2010-3740 AIX APAR: IC66613 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811 Common Vulnerability Exposure (CVE) ID: CVE-2010-3739 AIX APAR: JR34218 http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |