Summary
The host is running IBM DB2 and is prone to multiple security bypass vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass security restrictions, gain knowledge of sensitive information or cause a denial of service.
Impact Level: Application.
Solution
Update DB2 to 9.5 Fix Pack 7 or 9.7 Fix Pack 4.
For updates, refer to http://www.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
Multiple flaws are due to:
- An access validation error which could allow users to update statistics for tables without appropriate privileges.
- An error when revoking role memberships, which could result in a user continuing to have privileges to execute a non-DDL statement after role membership has been revoked from its group.
Affected
IBM DB2 versions prior to 9.5 Fix Pack 7
IBM DB2 versions prior to 9.7 Fix Pack 4
Severity
Classification
- CVE: CVE-2011-1846, CVE-2011-1847
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P