Test ID:	1.3.6.1.4.1.25623.1.0.900673
Category:	Databases
Title:	IBM Db2 Multiple Vulnerabilities - Windows
Summary:	IBM Db2 is prone to multiple vulnerabilities.
Description:	Summary: IBM Db2 is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to: - An error in DRDA Services component that can be exploited via an IPv6 address in the correlation token in the APPID string. - An unspecified error can be exploited to connect to DB2 databases without a valid password if ldap-based authentication is used and the LDAP server allows anonymous binds. Vulnerability Impact: Successful exploitation will let the attacker bypass security restrictions, cause a denial of service or gain elevated privileges. Affected Software/OS: IBM Db2 version 8 prior to Fixpack 17, 9.1 prior to Fixpack 7 and 9.5 prior to Fixpack 4. Solution: Update Db2 8 Fixpack 17, 9.1 Fixpack 7, 9.5 Fixpack 4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1905 AIX APAR: JR32268 http://www-01.ibm.com/support/docview.wss?uid=swg1JR32268 AIX APAR: JR32272 http://www-01.ibm.com/support/docview.wss?uid=swg1JR32272 AIX APAR: JR32273 http://www-01.ibm.com/support/docview.wss?uid=swg1JR32273 BugTraq ID: 35171 http://www.securityfocus.com/bid/35171 BugTraq ID: 36540 http://www.securityfocus.com/bid/36540 http://securitytracker.com/id?1022319 http://secunia.com/advisories/31787 http://secunia.com/advisories/35235 XForce ISS Database: ibmdb2-ldap-security-bypass(50909) https://exchange.xforce.ibmcloud.com/vulnerabilities/50909 Common Vulnerability Exposure (CVE) ID: CVE-2009-1906 AIX APAR: IZ36683 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683 AIX APAR: IZ38874 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.