The host is running IBM DB2 and is prone to multiple vulnerabilities.
Successful exploitation will allow attackers to bypass security restrictions, gain knowledge of sensitive information or cause a denial of service. Impact Level: Application.
Update to DB2 version 9.5 Fix Pack 6a. For updates, refer to http://www-933.ibm.com/support/fixcentral/swg/downloadFixes
The flaws are due to:
- An error in the 'Install' component, which enforces an unintended limit on password length, making it easier for attackers to obtain access via a brute-force attack.
- A buffer overflow in the 'Administration Server' component, which allows an attacker to cause a denial of service via unspecified vectors.
- An error in the 'DRDA Services' component, which allows remote authenticated users to cause a denial of service.
- The 'Engine Utilities' component uses world-writable permissions for the 'sqllib/cfg/db2sprf' file, which allows local users to gain privileges by modifying this file.
- A memory leak in the 'Relational Data Services' component, when the connection concentrator is enabled.
- The 'Query Compiler, Rewrite, Optimizer' component allows remote authenticated users to cause a denial of service (CPU consumption).
- The 'Security' component logs 'AUDIT' events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account.
- The 'Net Search Extender' (NSE) implementation in the Text Search component does not properly handle an alphanumeric Fuzzy search.
- The audit facility in the 'Security' component uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended.
IBM DB2 versions 9.5 before Fix Pack 6a
CVE: CVE-2010-3731, CVE-2010-3732, CVE-2010-3733, CVE-2010-3734, CVE-2010-3735, CVE-2010-3736, CVE-2010-3737, CVE-2010-3738, CVE-2010-3739, CVE-2010-3740
CVSS Base Score: 10.0