IBM DB2 UTL_FILE Module Directory Traversal Vulnerability (Windows) Network Vulnerability

Summary

The host is running IBM DB2 and is prone to directory traversal vulnerability.

Impact

Successful exploitation allows remote users to modify, delete or read arbitrary files via a pathname in the file field. Impact Level: Application

Solution

Upgrade to IBM DB2 version 10.1 FP1 or later, For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513

Insight

The flaw is caused due an improper validation of user-supplied input by routines within the UTL_FILE module. Which allows attackers to read arbitrary files.

Affected

IBM DB2 version 10.1 before FP1 on Windows

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513
http://www-01.ibm.com/support/docview.wss?uid=swg21611040
http://xforce.iss.net/xforce/xfdb/77924

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3324
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

IBM DB2 Audit Facility Local Privilege Escalation Vulnerability (Linux)
Oracle Database Server Multiple Unspecified Vulnerabilities - April 06
IBM DB2 Multiple Unspecified Vulnerabilities (Win)
MySQL 5.x Unspecified Buffer Overflow Vulnerability
Oracle Database Server Multiple Unspecified Vulnerabilities - Jan 08

Take action and discover your vulnerabilities