Vigil@nce: IBM DB2, several vulnerabilities
August 2009 by Vigil@nce
An attacker can exploit several vulnerabilities in IBM DB2 in order to
cause a denial of service or to execute code.
Severity: 2/4
Consequences: user access/rights, denial of service
Provenance: intranet client
Means of attack: 2 attacks
Ability of attacker: beginner (1/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 4
Creation date: 24/08/2009
IMPACTED PRODUCTS
– IBM DB2 UDB
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in IBM DB2.
An attacker can use the DAS command to execute code.
[grav:2/4; IZ34149]
An attacker can use a malicious CONNECT DATA STREAM in order to
cause a denial of service. [grav:2/4; IZ37696]
An attacker can use a malicious DATA STREAM in order to cause a
denial of service. [grav:2/4; IZ39652]
An attacker can send malicious packets in order to force DB2JDS to
stop. [grav:2/4; IZ52433]
CHARACTERISTICS
Identifiers: BID-36059, IZ34149, IZ37696, IZ39652, IZ52433,
VIGILANCE-VUL-8971
http://vigilance.fr/vulnerability/IBM-DB2-several-vulnerabilities-8971