Vigil@nce: IBM DB2 9.7, several vulnerabilities
December 2009 by Vigil@nce
An attacker can exploit several vulnerabilities in IBM DB2 to
obtain data or to create a denial of service.
Severity: 1/4
Consequences: data reading, denial of service
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 7
Creation date: 15/12/2009
IMPACTED PRODUCTS
– IBM DB2 UDB
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in IBM DB2.
A SQL query containing variables can return invalid results.
[grav:1/4; IC62219, IZ55987]
A SQL query containing IN lists to join can return invalid
results. [grav:1/4; IC64066, IZ47730]
An index scan can return invalid results. [grav:1/4; IC62088,
IZ53555, IZ55552]
A SQL query containing an outer join can return invalid results.
[grav:1/4; IC63414, IC63415]
A SQL query containing an ordered column group can return invalid
results. [grav:1/4; IC63668, IZ62791]
An attacker can use SET WRITE SUSPEND to create a denial of
service. [grav:1/4; IC61781, IC64767, IC64825]
A SQL query containing SQLSETSTMTATTRW() can return invalid
results. [grav:1/4; IC64539, IC64540, IC64541, IC64680]
CHARACTERISTICS
Identifiers: 1412902, IC61781, IC62088, IC62219, IC63414, IC63415,
IC63668, IC64066, IC64539, IC64540, IC64541, IC64680, IC64767,
IC64825, IZ47730, IZ53555, IZ55552, IZ55987, IZ62791,
VIGILANCE-VUL-9288
http://vigilance.fr/vulnerability/IBM-DB2-9-7-several-vulnerabilities-9288