The host is installed with IBM DB2 and is prone to multiple vulnerabilities.
Successful exploitation will allow attackers to bypass security restrictions or cause a denial of service.
Impact Level: System/Application
Update to IBM DB2 9.5 Fixpak 5: http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
The flaws are due to:
- An unspecified error in the Engine Utilities component, which causes a segmentation fault when the db2ra data stream sent in a request from the load utility is modified.
- An unspecified error in 'db2licm' within the Engine Utilities component, which has unknown impact and local attack vectors.
- An unspecified error in the DRDA Services component, which causes a server trap when a SQL stored procedure is called in unknown circumstances.
- An error in the relational data services component, which allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
- Multiple unspecified errors in bundled stored procedures in the Spatial Extender component, which have unknown impact and remote attack vectors.
- An unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component, which allows attackers to cause a denial of service (instance crash) by compiling a SQL query.
IBM DB2 version 9.5 prior to Fixpak 5
CVE: CVE-2009-4328, CVE-2009-4329, CVE-2009-4330, CVE-2009-4333, CVE-2009-4335, CVE-2009-4439
CVSS Base Score: 10.0
- Oracle Database Server MDSYS.MD Buffer Overflows and Denial of Service Vulnerabilities
- Oracle Database Server Multiple Vulnerabilities - July 06
- Oracle Database Server 'RDBMS' component Denial of Service Vulnerability
- IBM DB2 Multiple Vulnerabilities (Oct10)
- Oracle Database Server Multiple Unspecified Vulnerabilities