IBM DB2 < 8 Fix Pack 7a Multiple Vulnerabilities

critical Nessus Plugin ID 15486

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

The remote host is running a vulnerable version of IBM DB2.

This version contains multiple remote buffer overflow vulnerabilities that could allow an attacker to cause a denial of service or possibly execute arbitrary code.

Solution

Upgrade to IBM DB2 V8 Fix Pack 7a or later.

See Also

http://www.ngssoftware.com/advisories/db223122004K.txt

https://seclists.org/vulnwatch/2004/q3/36

https://seclists.org/bugtraq/2004/Dec/353

https://seclists.org/bugtraq/2005/Jan/28

https://seclists.org/bugtraq/2005/Jan/31

https://seclists.org/bugtraq/2005/Jan/32

https://seclists.org/bugtraq/2005/Jan/33

https://seclists.org/bugtraq/2005/Jan/34

https://seclists.org/bugtraq/2005/Jan/35

https://seclists.org/bugtraq/2005/Jan/37

https://seclists.org/bugtraq/2005/Jan/38

Plugin Details

Severity: Critical

ID: 15486

File Name: db2_multiple_vulns.nasl

Version: 1.36

Type: remote

Family: Databases

Published: 10/17/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/1/2004

Reference Information

CVE: CVE-2004-1372, CVE-2005-0417, CVE-2005-4863, CVE-2005-4864, CVE-2005-4865, CVE-2005-4866, CVE-2005-4867, CVE-2005-4868, CVE-2005-4869, CVE-2005-4870, CVE-2005-4871

BID: 11089, 11327, 11390, 11396, 11397, 11398, 11399, 11400, 11401, 11402, 11403, 11404, 11405, 12170, 12508, 12509, 12510, 12511, 12512, 12514

CWE: 119, 200, 264

SECUNIA: 12436, 12733