Test ID:	1.3.6.1.4.1.25623.1.0.901078
Category:	Databases
Title:	IBM Db2 Self Tuning Memory Manager (STMM) DOS Vulnerability - Windows
Summary:	IBM Db2 is prone to a denial of service vulnerability.
Description:	Summary: IBM Db2 is prone to a denial of service vulnerability. Vulnerability Insight: The flaws are due to: - An error in Self Tuning Memory Manager (STMM) component when 0666 permissions for the STMM log file is used. - An error in Query Compiler, Rewrite, and Optimizer component does not enforce privilege requirements for access to a 'sequence' or 'global-variable' object, which allows remote users to make use of data via unspecified vectors. Vulnerability Impact: Successful exploitation will allow attacker to cause a denial of service or have other impact by writing to this file. Affected Software/OS: IBM Db2 version 9.1 prior to FP8, 9.5 prior to FP5 and 9.7 prior to FP1. Solution: Update IBM Db2 9.1 FP8, 9.5 FP5, 9.7 FP1 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4334 AIX APAR: IC64019 http://www-01.ibm.com/support/docview.wss?uid=swg1IC64019 AIX APAR: IZ48106 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ48106 AIX APAR: IZ50355 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ50355 BugTraq ID: 37332 http://www.securityfocus.com/bid/37332 http://secunia.com/advisories/37759 http://www.vupen.com/english/advisories/2009/3520 Common Vulnerability Exposure (CVE) ID: CVE-2009-4438 AIX APAR: IC62543 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543 AIX APAR: IC62583 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583 AIX APAR: IC64852 http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.