Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.801071
Category:Databases
Title:IBM Db2 Multiple Vulnerabilities - Dec09 (Linux)
Summary:IBM Db2 is prone to multiple vulnerabilities.
Description:Summary:
IBM Db2 is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Unspecified error exists related to a table function when the definer
loses required privileges.

- Unspecified error that can be exploited to insert, update, or delete rows
in a table without having required privileges.

- Unspecified error in the handling of 'SET SESSION AUTHORIZATION' statements.

- Error in 'DASAUTO' command, it can be run by non-privileged users.

Vulnerability Impact:
Successful exploitation allows the attacker to potentially perform certain
actions with escalated privileges or to bypass certain security restrictions.

Affected Software/OS:
IBM Db2 version 8 prior to Fixpack 18, 9.1 prior to Fixpack 8,
9.5 prior to Fixpack 4 and 9.7 prior to Fixpack 1.

Solution:
Update Db2 8 Fixpak 18, 9.1 Fixpack 8, 9.5 Fixpack 4, 9.7 Fixpack 1 or later.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4150
AIX APAR: IC64759
http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759
AIX APAR: IZ40340
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340
AIX APAR: IZ40343
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343
AIX APAR: IZ40352
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352
http://securitytracker.com/id?1023242
http://secunia.com/advisories/36890
http://secunia.com/advisories/37454
http://www.vupen.com/english/advisories/2009/3340
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.