Vigil@nce - IBM DB2: three vulnerabilities
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of IBM DB2.
– Impacted products: DB2 UDB.
– Severity: 2/4.
– Creation date: 28/07/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in IBM DB2.
An attacker can bypass security features via IBM General Parallel
File System, in order to escalate his privileges or cause a denial
of service. [severity:2/4; CVE-2016-0263]
An attacker can use a vulnerability via Setuid File Parameters, in
order to run code. [severity:2/4; CVE-2016-0392]
An attacker can bypass security features via Spectrum Scale GUI,
in order to escalate his privileges. [severity:2/4; CVE-2016-0361]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/IBM-DB2-three-vulnerabilities-20243