Vigil@nce - IBM DB2: three vulnerabilities
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of IBM DB2, in order
to modify data or to create a denial of service.
Severity: 2/4
Creation date: 31/08/2010
DESCRIPTION OF THE VULNERABILITY
Three vulnerabilities were announced in IBM DB2.
A vulnerability exists in DB2STST. Technical details are unknown.
[severity:2/4; CVE-2010-3193, IC65408, IC65703, IC65742]
An attacker can modify files owned by the DB2 instance owner via
DB2DART. [severity:2/4; CVE-2010-3194, IC65749, IC65756, IC65762]
An error in group and user enumeration could stop the server on
Windows 2008. [severity:2/4; CVE-2010-3195, IC66099, IC66642,
IC66643]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-DB2-three-vulnerabilities-9890