Multiple vulnerabilities have been reported in IBM DB2, which can be exploited by malicious, local users to manipulate certain data and gain escalated privileges, by malicious users to bypass certain security restrictions and gain escalated privileges and by malicious people to cause a DoS (Denial of Service) or compromise the application.

1) A security issue exists within the Common Code Infrastructure due to the nodes.reg file having insecure world-writable permissions.

This vulnerability is reported in versions prior to 9.5 Fix Pack 9.

2) An error within the Server component can be exploited to cause a crash by sending a specially crafted Distributed Relational Database Architecture (DRDA) request.

This vulnerability is reported in versions prior to 9.1 Fix Pack 11, prior to 9.5 Fix Pack 9, prior to 9.7 Fix Pack 5, and prior to 9.8 Fix Pack 4.

3) An error within the Install component may allow local users to escalate their privileges.

This vulnerability is reported in versions prior to 9.5 Fix Pack 9.

4) A signedness error in the "UidKey::getHashCode()" function within the DAS component can be exploited to dereference arbitrary heap memory as a function pointer via a specially crafted login request.

Note: This vulnerability does not affect DAS components running on Windows platforms.

This vulnerability is reported in versions 9.1, prior to 9.5 Fix Pack 9, and 9.7.

5) An unspecified error within the XML feature can be exploited to cause a DoS.

Successful exploitation of this vulnerability requires CONNECT privileges.

6) An unspecified error within some authorization checks can be exploited to gain access to certain tables.

Successful exploitation of this vulnerability requires CONNECT and CREATEIN privileges.

The vulnerabilities #5 and #6 are reported in versions prior to 9.5 Fix Pack 9, 9.7, and 9.8.

Solution
Update to version 9.1 FP12, 9.5 FP9, 9.7 FP6, and 9.8 FP4.
Further details available to Secunia VIM customers

Provided and/or discovered by
1-3) Reported by the vendor.
4) An anonymous person via iDefense VCP.
5) The vendor credits an anonymous person via iDefense.
6) The vendor credits Martin Rakhmanov, Application Security Inc.

Changelog
Further details available to Secunia VIM customers

Original Advisory
IBM (IC76781, IC76899, IC76901, IC76902, IC79970, IC80728, IC81379, IC81387):
http://www.ibm.com/support/docview.wss?uid=swg21586193
http://www.ibm.com/support/docview.wss?uid=swg21588090
http://www.ibm.com/support/docview.wss?uid=swg21588093
http://www.ibm.com/support/docview.wss?uid=swg21588098
http://www.ibm.com/support/docview.wss?uid=swg21588100
http://www.ibm.com/support/docview.wss?uid=swg1IC76781
http://www.ibm.com/support/docview.wss?uid=swg1IC76899
http://www.ibm.com/support/docview.wss?uid=swg1IC76901
http://www.ibm.com/support/docview.wss?uid=swg1IC76902
http://www.ibm.com/support/docview.wss?uid=swg1IC79970
http://www.ibm.com/support/docview.wss?uid=swg1IC80728
http://www.ibm.com/support/docview.wss?uid=swg1IC81379
http://www.ibm.com/support/docview.wss?uid=swg1IC81387
http://www.ibm.com/support/docview.wss?uid=swg1IC80729

iDefense:
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=972

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers