DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities

NASLDB: DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities

General

ID: 60098
Name: DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities

Summary: Checks DB2 signature

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 2
Family: Databases
Type: Remote

Description

According to its version, the installation of DB2 9.1 on the remote
host is affected by one or more of the following issues :

– An integer signedness error exists in the ‘db2asrrm’
process that can lead to a heap-based buffer overflow.
Note that this issue does not affect Windows hosts.
(#IC80561 / CVE-2012-0711)

– An error exists related to the stored procedure
‘SQLJ.DB2_INSTALL_JAR’ that can allow ‘JAR’ files to be
overwritten. Note that this issue only affects Windows
hosts. (#IC84019 / CVE-2012-2194)

– An error exists related to the stored procedures
‘GET_WRAP_CFG_C’ and ‘GET_WRAP_CFG_C2’ that can allow
unauthorized access to XML files. (#IC84614 /
CVE-2012-2196)

– An error exists related to the Java stored procedure
infrastructure that can allow stack-based buffer
overflows. (#IC84555 / CVE-2012-2197)