Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.900673
Categoría:Databases
Título:IBM Db2 Multiple Vulnerabilities (Windows)
Resumen:IBM Db2 is prone to multiple vulnerabilities.
Descripción:Summary:
IBM Db2 is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- An error in DRDA Services component that can be exploited via an IPv6 address
in the correlation token in the APPID string.

- An unspecified error can be exploited to connect to DB2 databases without
a valid password if ldap-based authentication is used and the LDAP server
allows anonymous binds.

Vulnerability Impact:
Successful exploitation will let the attacker bypass security restrictions,
cause a denial of service or gain elevated privileges.

Affected Software/OS:
IBM Db2 version 8 prior to Fixpack 17, 9.1 prior to Fixpack 7 and 9.5 prior to Fixpack 4.

Solution:
Update Db2 8 Fixpack 17, 9.1 Fixpack 7, 9.5 Fixpack 4 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: BugTraq ID: 35171
Common Vulnerability Exposure (CVE) ID: CVE-2009-1905
AIX APAR: JR32268
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268
AIX APAR: JR32272
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272
AIX APAR: JR32273
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273
http://www.securityfocus.com/bid/35171
BugTraq ID: 36540
http://www.securityfocus.com/bid/36540
http://securitytracker.com/id?1022319
http://secunia.com/advisories/31787
http://secunia.com/advisories/35235
XForce ISS Database: ibmdb2-ldap-security-bypass(50909)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50909
Common Vulnerability Exposure (CVE) ID: CVE-2009-1906
AIX APAR: IZ36683
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683
AIX APAR: IZ38874
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.