IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
BID:31058
Info
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
| Bugtraq ID: | 31058 |
| Class: | Unknown |
| CVE: |
CVE-2008-3958 CVE-2008-3960 CVE-2008-6820 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 01 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: |
IBM DB2 Universal Database for Windows 8.2 IBM DB2 Universal Database for Windows 8.2.0 Fixpak 16 IBM DB2 Universal Database for Solaris 8.2 IBM DB2 Universal Database for Solaris 8.2.0 Fixpak 16 IBM DB2 Universal Database for Linux 8.2 IBM DB2 Universal Database for Linux 8.2.0 Fixpak 16 IBM DB2 Universal Database for HP-UX 8.2 IBM DB2 Universal Database for HP-UX 8.2.0 Fixpak 16 IBM DB2 Universal Database for AIX 8.2 IBM DB2 Universal Database for AIX 8.2.0 Fixpak 16 |
| Not Vulnerable: |
IBM DB2 Universal Database for Windows 8.2 Fixpak 17 IBM DB2 Universal Database for Solaris 8.2 Fixpak 17 IBM DB2 Universal Database for Linux 8.2 Fixpak 17 IBM DB2 Universal Database for HP-UX 8.2 Fixpak 17 IBM DB2 Universal Database for AIX 8.2 Fixpak 17 |
Discussion
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
IBM DB2 Universal Database Server is prone to multiple vulnerabilities:
- A remote denial-of-service issue related to CONNECT / ATTACH processing.
- An unspecified vulnerability in the DB2FMP process.
- A remote denial-of-service issue in DB2JDS.
- The DB2FMP process executes with system privileges under Windows.
An attacker may exploit these issues to deny service to legitimate users. Other attacks may also be possible.
The CONNECT / ATTACH issue may be related to the issue discussed in BID 27870 (IBM DB2 Universal Database Multiple Vulnerabilities).
Very few details are available regarding these issues. We will update this BID as more information emerges.
These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 17.
IBM DB2 Universal Database Server is prone to multiple vulnerabilities:
- A remote denial-of-service issue related to CONNECT / ATTACH processing.
- An unspecified vulnerability in the DB2FMP process.
- A remote denial-of-service issue in DB2JDS.
- The DB2FMP process executes with system privileges under Windows.
An attacker may exploit these issues to deny service to legitimate users. Other attacks may also be possible.
The CONNECT / ATTACH issue may be related to the issue discussed in BID 27870 (IBM DB2 Universal Database Multiple Vulnerabilities).
Very few details are available regarding these issues. We will update this BID as more information emerges.
These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 17.
Exploit / POC
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
Solution:
IBM has released fixes to address these issues. Please see the references for more information.
Solution:
IBM has released fixes to address these issues. Please see the references for more information.
References
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
References:
References: