IBM DB2 Multiple Security Bypass Vulnerabilities (May-11)

Summary
The host is running IBM DB2 and is prone to multiple security bypass vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass security restrictions, gain knowledge of sensitive information or cause a denial of service. Impact Level: Application.
Solution
Update DB2 to 9.5 Fix Pack 7 or 9.7 Fix Pack 4. For updates, refer to http://www.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
Multiple flaws are due to:
- An access validation error which could allow users to update statistics for tables without appropriate privileges.
- An error when revoking role memberships, which could result in a user continuing to have privileges to execute a non-DDL statement after role membership has been revoked from its group.
Affected
- IBM DB2 versions prior to 9.5 Fix Pack 7
- IBM DB2 versions prior to 9.7 Fix Pack 4