Vigil@nce - IBM DB2 10.5: multiple vulnerabilities
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of IBM DB2 10.5.
– Impacted products: DB2 UDB
– Severity: 1/4
– Creation date: 12/12/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in IBM DB2 10.5.
An attacker can use several ALTER TABLE statements, in order to
trigger a denial of service. [severity:1/4; CVE-2014-6210, IT04138]
An attacker can use the ALTER TABLE command with AUTO_REVAL set to
IMMEDIATE, in order to trigger a denial of service. [severity:1/4;
CVE-2014-6159, IT04730, IT05105]
An attacker can use an ALTER TABLE on an Identity Column, in order
to trigger a denial of service. [severity:1/4; CVE-2014-6209,
IT04786]
An attacker can use XML data, in order to trigger a denial of
service. [severity:1/4; IT05933]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-DB2-10-5-multiple-vulnerabilities-15789