
Test ID: 1.3.6.1.4.1.25623.1.0.801522
Category: Databases
Title: IBM Db2 Multiple Vulnerabilities (Oct10)
Summary: IBM DB2 is prone to multiple vulnerabilities.
Description:
Summary:
IBM DB2 is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An error in the 'Install' component, which enforces an unintended limit on
password length, making it easier for attackers to obtain access via
a brute-force attack.

- A buffer overflow in the 'Administration Server' component, which allows an
attacker to cause a denial of service via unspecified vectors.

- An error in the 'DRDA Services' component, which allows remote authenticated
users to cause a denial of service.

- The 'Engine Utilities' component uses world-writable permissions for the
'sqllib/cfg/db2sprf' file, which allows local users to gain privileges by
modifying this file.

- A memory leak in the 'Relational Data Services' component, when the
connection concentrator is enabled.

- The 'Query Compiler, Rewrite, Optimizer' component allows remote
authenticated users to cause a denial of service (CPU consumption).

- The 'Security' component logs 'AUDIT' events by using a USERID and an
AUTHID value corresponding to the instance owner, instead of a USERID and
an AUTHID value corresponding to the logged-in user account.

- The 'Net Search Extender' (NSE) implementation in the Text Search component
does not properly handle an alphanumeric Fuzzy search.

- The audit facility in the 'Security' component uses instance-level audit
settings to capture connection (aka CONNECT and AUTHENTICATION) events in
certain circumstances in which database-level audit settings were intended.

Vulnerability Impact:
Successful exploitation will allow attackers to bypass security restrictions,
gain knowledge of sensitive information or cause a denial of service.

Affected Software/OS:
IBM Db2 versions 9.5 before Fix Pack 6a.

Solution:
Update to Db2 version 9.5 Fix Pack 6a.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2010-3734
AIX APAR: IC62856
http://www-01.ibm.com/support/docview.wss?uid=swg1IC62856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14764
Common Vulnerability Exposure (CVE) ID: CVE-2010-3731
AIX APAR: IC69986
http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986
AIX APAR: IC70538
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538
AIX APAR: IC70539
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539
BugTraq ID: 46077
http://www.securityfocus.com/bid/46077
http://www.zerodayinitiative.com/advisories/ZDI-11-035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14687
http://secunia.com/advisories/41686
http://www.vupen.com/english/advisories/2010/2544
Common Vulnerability Exposure (CVE) ID: CVE-2010-3732
AIX APAR: IZ56428
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219
Common Vulnerability Exposure (CVE) ID: CVE-2010-3733
AIX APAR: IZ68463
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14707
Common Vulnerability Exposure (CVE) ID: CVE-2010-3736
AIX APAR: IC68182
http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859
Common Vulnerability Exposure (CVE) ID: CVE-2010-3735
AIX APAR: IZ58417
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ58417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14736
Common Vulnerability Exposure (CVE) ID: CVE-2010-3737
AIX APAR: LI75022
http://www-01.ibm.com/support/docview.wss?uid=swg1LI75022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14567
Common Vulnerability Exposure (CVE) ID: CVE-2010-3738
AIX APAR: IC65184
http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488
Common Vulnerability Exposure (CVE) ID: CVE-2010-3740
AIX APAR: IC66613
http://www-01.ibm.com/support/docview.wss?uid=swg1IC66613
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811
Common Vulnerability Exposure (CVE) ID: CVE-2010-3739
AIX APAR: JR34218
http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218
Copyright: Copyright (C) 2010 Greenbone Networks GmbH
