IBM DB2 < 9 Fix Pack 5 Multiple Vulnerabilities

critical Nessus Plugin ID 33128

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

According to its version, the IBM DB2 server running on the remote host is affected by one or more of the following issues:

- There is an unspecified security vulnerability related to a 'DB2FMP' process. (IZ20352)

- On Windows, the 'DB2FMP' process is running with OS privileges. (JR30026)

- The CLR stored procedure deployment feature of IBM Database Add-Ins for Visual Studio can be used to escalate privileges or launch a denial of service attack against a DB2 server. (JR28432)

- The password used to connect to the database can be seen in plaintext in a memory dump. (JR27422)

- There is a possible stack variable overrun in 'SQLRLAKA()'. (IZ16346)

- A local privilege escalation vulnerability via file creation can result in root-level access. (IZ12735)

- There are possible buffer overflows involving 'XQUERY', 'XMLQUERY', 'XMLEXISTS', and 'XMLTABLE'. (IZ18434)

- A specially crafted client CONNECT request could crash the server. (IZ07299)

- There is an unspecified remote buffer overflow in DAS server code. (IZ22188)

- INSTALL_JAR can be used to create or overwrite critical system files. (IZ21983)

Solution

Apply IBM DB2 Version 9 Fix Pack 5 or later.

See Also

https://www.securityfocus.com/archive/1/496406/30/0/threaded

https://www.securityfocus.com/archive/1/496405/30/0/threaded

https://www-01.ibm.com/support/docview.wss?uid=swg21255607

https://www-01.ibm.com/support/docview.wss?uid=swg1IZ20352

https://www-01.ibm.com/support/docview.wss?uid=swg1JR30026

https://www-01.ibm.com/support/docview.wss?uid=swg1JR28432

https://www-01.ibm.com/support/docview.wss?uid=swg1IZ12735

https://www-01.ibm.com/support/docview.wss?uid=swg1JR27422

https://www-01.ibm.com/support/docview.wss?uid=swg1IZ16346

https://www-01.ibm.com/support/docview.wss?uid=swg1IZ18434

https://www-01.ibm.com/support/docview.wss?uid=swg1IZ07299

https://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188

https://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983

Plugin Details

Severity: Critical

ID: 33128

File Name: db2_9fp5.nasl

Version: 1.28

Type: remote

Family: Databases

Published: 6/10/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-2154, CVE-2008-3852, CVE-2008-3854, CVE-2008-3855, CVE-2008-3856, CVE-2008-3857, CVE-2008-6821

BID: 29601, 35408, 35409

CWE: 119, 16, 200, 264

SECUNIA: 30558