|
IBM DB2 UDB Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA28771
|
|
|
Release Date:
|
2008-02-04
|
|
Last Update:
|
2008-10-13
|
|
Popularity:
|
7,414 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Unknown
Security Bypass
Privilege escalation
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | IBM DB2 Universal Database 8.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 2 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Solution:
Apply Fixpak 16.
http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21256235
NOTE: Due to permission issues the vendor does not recommend to install Fixpak 15 or 16 for DB Universal Database 8 on Solaris platforms. Please see the vendor advisory for more information.
http://www-1.ibm.com/support/docview.wss?uid=swg21295375
Provided and/or discovered by:
1, 2) An anonymous researcher, reported via iDefense Labs.
7) Martin Rakhmanov, Cesar Cerrudo, and Esteban Martinez Fayo of Application Security Inc.
Reported by the vendor.
Changelog:
2008-02-06: Added vulnerabilities #5 and #6. Updated "Solution" section.
2008-02-07: Added vulnerabilities #7, #8, and #9 based on changes in the vendor advisory.
2008-02-08: Added links and updated advisory based on additional information from iDefense Labs. Added CVE references.
2008-02-13: Added CVE reference.
2008-03-13: Added link and updated description of vulnerability #7 based on additional information from Application Security Inc.
2008-04-10: Added note to "Solution" section about issues with Fixpak 15 and 16 for DB2 Universal Database 8.
2008-04-22: Updated "Description" section. Added link to "Other Reference" section.
2008-05-02: Added CVE reference.
2008-10-13: Added CVE reference.
Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21294760
ftp://ftp.software.ibm.com/ps/product...lish-us/aparlist/db2_v82/APARLIST.TXT
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=653
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654
Application Security Inc.:
http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml
Other References:
SA29022:
http://secunia.com/advisories/29022/
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
