NASLDB: DB2 9.1 < Fix Pack 11 Multiple Denial of Service Vulnerabilities
General
ID: 59644
Name: DB2 9.1 < Fix Pack 11 Multiple Denial of Service Vulnerabilities
Summary: Checks DB2 signature
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 2
Family: Databases
Type: Remote
Description
According to its version, the installation of DB2 9.1 on the remote host is older than Fix Pack 11 and is, therefore, affected by multiple denial of service vulnerabilities:
– The version of Java that is bundled with the application can enter an infinite loop when handling certain operations related to floating point numbers. (CVE-2010-4476)
– The Distributed Relational Database Architecture (DRDA) contains an error that can allow denial of service conditions when handling certain maliciously crafted requests. (CVE-2012-0710)
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2010-4476
OSVDB: –
Bugtraq: 46091
scipID: –
Timeline
Vulnerability Disclosure: 2011/02/08
Patch Release: 2011/11/15
Plugin Release: 2012/06/21
Plugin
Version: 1.3
Filename: db2_9fp11.nasl
Filesize: 4648 bytes
MD5 Hash: e21eefb38ee3af078d30c736922f5c95
Identification: DB2/"port"/Platform_Name
Require Keys: –
Dependencies: "db2_das_detect.nasl"
Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.