Freely subscribe to our NEWSLETTER

Security Vulnerability

Vigil@nce: IBM DB2 9.7, several vulnerabilities

December 2009 by Vigil@nce

An attacker can use several vulnerabilities of IBM DB2, in order
to obtain data or to create a denial of service.

Severity: 1/4

Consequences: data reading, denial of service of service

Provenance: user account

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 7

Creation date: 15/12/2009

IMPACTED PRODUCTS

– IBM DB2 UDB

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in IBM DB2.

A SQL query containing variables can return invalid results.
[grav:1/4; IC62219, IZ55987]

A SQL query containing IN lists to join can return invalid
results. [grav:1/4; IC64066, IZ47730]

An index scan can return invalid results. [grav:1/4; IC62088,
IZ53555, IZ55552]

A SQL query containing an outer join can return invalid results.
[grav:1/4; IC63414, IC63415]

A SQL query containing an ordered column group can return invalid
results. [grav:1/4; IC63668, IZ62791]

An attacker can use SET WRITE SUSPEND to create a denial of
service. [grav:1/4; IC61781, IC64767, IC64825]

A SQL query containing SQLSETSTMTATTRW() can return invalid
results. [grav:1/4; IC64539, IC64540, IC64541, IC64680]

CHARACTERISTICS

Identifiers: 1412902, IC61781, IC62088, IC62219, IC63414, IC63415,
IC63668, IC64066, IC64539, IC64540, IC64541, IC64680, IC64767,
IC64825, IZ47730, IZ53555, IZ55552, IZ55987, IZ62791,
VIGILANCE-VUL-9288

http://vigilance.fr/vulnerability/IBM-DB2-9-7-several-vulnerabilities-9288

Subscribe

Freely subscribe to our NEWSLETTER

See previous articles

See next articles

Security Vulnerability

All our news in english

Alle unsere News auf deutsch

Your podcast Here

All new podcasts

Global Security Mag Copyright 2011