Test ID:	1.3.6.1.4.1.25623.1.0.902175
Category:	Databases
Title:	IBM Db2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities - Windows
Summary:	IBM Db2 is prone to a buffer overflow and TLS Renegotiation vulnerabilities.
Description:	Summary: IBM Db2 is prone to a buffer overflow and TLS Renegotiation vulnerabilities. Vulnerability Insight: The flaws are due to: - Buffer overflow error within the scalar function 'REPEAT', which could allow malicious users to cause a vulnerable server to crash. - An error in the 'TLS' implementation while handling session 're-negotiations' which can be exploited to insert arbitrary plaintext into an existing TLS session via Man-in-the-Middle (MitM) attacks. Vulnerability Impact: Successful exploitation will allow attacker to cause a denial of service or to bypass security restrictions. Affected Software/OS: IBM Db2 version 9.1 prior to FP9. Solution: Update IBM Db2 9.1 FP9. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1560 AIX APAR: IC65922 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922 http://osvdb.org/64041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14613 http://secunia.com/advisories/39500 http://attrition.org/pipermail/vim/2010-April/002341.html http://www.vupen.com/english/advisories/2010/0982 XForce ISS Database: db2-repeat-dos(58070) https://exchange.xforce.ibmcloud.com/vulnerabilities/58070
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.