IBM DB2 Audit Facility Local Privilege Escalation Vulnerability (Linux) Network Vulnerability

Summary

This host is running IBM DB2 and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will allow attacker to gain escalated privileges and cause a stack-based buffer overflow. Impact Level: Application

Solution

Apply the appropriate fix from below link, http://www-01.ibm.com/support/docview.wss?uid=swg21639355

Insight

The flaw is due to a boundary error within the setuid-set db2aud binary, which can be exploited to cause a stack-based buffer overflow.

Affected

IBM DB2 version 9.1.x, IBM DB2 version 9.5.x before FP9, IBM DB2 version 9.7.x before FP7, IBM DB2 version 9.8.x before FP5 and IBM DB2 version 10.1.x before FP1 on Linux

Detection

Get the installed version of IBM DB2 with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/52663
http://www-01.ibm.com/support/docview.wss?uid=swg21639355
http://xforce.iss.net/xforce/xfdb/84358

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3475
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Oracle Database Server Multiple Unspecified Vulnerabilities-01 April2014
MySQL Server Buffer Overflow Vulnerability (Linux)
IBM DB2 Multiple Vulnerabilities (Sep10)
Oracle Database Server Multiple Unspecified Vulnerabilities - April 06
Oracle Database Server MDSYS.MD Buffer Overflows and Denial of Service Vulnerabilities

Take action and discover your vulnerabilities