Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.801930 |
Category: | Databases |
Title: | IBM Db2 Multiple Security Bypass Vulnerabilities (May-11) |
Summary: | The host is running IBM Db2 and is prone to multiple security bypass; vulnerabilities. |
Description: | Summary: The host is running IBM Db2 and is prone to multiple security bypass vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An access validation error which could allow users to update statistics for tables without appropriate privileges. - An error when revoking role memberships, which could result in a user continuing to have privileges to execute a non-DDL statement after role membership has been revoked from its group. Vulnerability Impact: Successful exploitation will allow attackers to bypass security restrictions, gain knowledge of sensitive information or cause a denial of service. Affected Software/OS: IBM Db2 versions prior to 9.5 Fix Pack 7 and prior to 9.7 Fix Pack 4 Solution: Update Db2 to 9.5 Fix Pack 7, 9.7 Fix Pack 4, or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross-Ref: |
BugTraq ID: 47525 Common Vulnerability Exposure (CVE) ID: CVE-2011-1846 AIX APAR: IC71263 http://www-01.ibm.com/support/docview.wss?uid=swg1IC71263 AIX APAR: IC71375 http://www-01.ibm.com/support/docview.wss?uid=swg1IC71375 http://www.securityfocus.com/bid/47525 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14688 http://secunia.com/advisories/44229 http://www.vupen.com/english/advisories/2011/1083 XForce ISS Database: db2-data-services-sec-bypass(66980) https://exchange.xforce.ibmcloud.com/vulnerabilities/66980 Common Vulnerability Exposure (CVE) ID: CVE-2011-1847 AIX APAR: IC71413 http://www-01.ibm.com/support/docview.wss?uid=swg1IC71413 AIX APAR: IC72119 http://www-01.ibm.com/support/docview.wss?uid=swg1IC72119 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14122 XForce ISS Database: ibm-db2-rds-sec-bypass(66979) https://exchange.xforce.ibmcloud.com/vulnerabilities/66979 |
Copyright | Copyright (C) 2011 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |