Databases : IBM Db2 Multiple Vulnerabilities

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900678

Kategorie: Databases

Titel: IBM Db2 Multiple Vulnerabilities - Linux

Zusammenfassung: IBM DB2 is prone to multiple vulnerabilities.

Beschreibung: Summary:
IBM DB2 is prone to multiple vulnerabilities.

Vulnerability Insight:
- An error in DRDA Services component can be exploited via an IPv6 address
in the correlation token in the APPID string.

- An unspecified error can be exploited to connect to Db2 databases without
a valid password if ldap-based authentication is used and the LDAP server allows anonymous binds.

Vulnerability Impact:
Successful exploitation will let the attacker bypass security restrictions,
cause a denial of service or gain elevated privileges.

Affected Software/OS:
IBM Db2 version 8 prior to Fixpak 17, 9.1 prior to Fixpak 7 and
9.5 prior to Fixpak 4.

Solution:
Update Db2 8 Fixpak 17, 9.1 Fixpak 7, 9.5 Fixpak 4 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1905
AIX APAR: JR32268
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268
AIX APAR: JR32272
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272
AIX APAR: JR32273
http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273
BugTraq ID: 35171
http://www.securityfocus.com/bid/35171
BugTraq ID: 36540
http://www.securityfocus.com/bid/36540
http://securitytracker.com/id?1022319
http://secunia.com/advisories/31787
http://secunia.com/advisories/35235
XForce ISS Database: ibmdb2-ldap-security-bypass(50909)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50909
Common Vulnerability Exposure (CVE) ID: CVE-2009-1906
AIX APAR: IZ36683
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683
AIX APAR: IZ38874
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874

Copyright Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.900678
Kategorie:	Databases
Titel:	IBM Db2 Multiple Vulnerabilities - Linux
Zusammenfassung:	IBM DB2 is prone to multiple vulnerabilities.
Beschreibung:	Summary: IBM DB2 is prone to multiple vulnerabilities. Vulnerability Insight: - An error in DRDA Services component can be exploited via an IPv6 address in the correlation token in the APPID string. - An unspecified error can be exploited to connect to Db2 databases without a valid password if ldap-based authentication is used and the LDAP server allows anonymous binds. Vulnerability Impact: Successful exploitation will let the attacker bypass security restrictions, cause a denial of service or gain elevated privileges. Affected Software/OS: IBM Db2 version 8 prior to Fixpak 17, 9.1 prior to Fixpak 7 and 9.5 prior to Fixpak 4. Solution: Update Db2 8 Fixpak 17, 9.1 Fixpak 7, 9.5 Fixpak 4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1905 AIX APAR: JR32268 http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268 AIX APAR: JR32272 http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272 AIX APAR: JR32273 http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273 BugTraq ID: 35171 http://www.securityfocus.com/bid/35171 BugTraq ID: 36540 http://www.securityfocus.com/bid/36540 http://securitytracker.com/id?1022319 http://secunia.com/advisories/31787 http://secunia.com/advisories/35235 XForce ISS Database: ibmdb2-ldap-security-bypass(50909) https://exchange.xforce.ibmcloud.com/vulnerabilities/50909 Common Vulnerability Exposure (CVE) ID: CVE-2009-1906 AIX APAR: IZ36683 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683 AIX APAR: IZ38874 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874
Copyright	Copyright (C) 2009 Greenbone AG