Vulnerabilities > CVE-2009-3471 - Unspecified vulnerability in IBM DB2 8.0/9.1/9.5

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ibm
nessus

Summary

IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.

Vulnerable Configurations

Part Description Count
Application
Ibm
27

Nessus

  • NASL familyDatabases
    NASL idDB2_97FP2.NASL
    descriptionAccording to its version, the installation of IBM DB2 9.7 running on the remote host is affected by one or more of the following issues : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id46766
    published2010-06-01
    reporterThis script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46766
    titleIBM DB2 9.7 < Fix Pack 2 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idDB2_9FP9.NASL
    descriptionAccording to its version, the installation of IBM DB2 9.1 running on the remote host is affected by one or more of the following issues : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id46173
    published2010-04-28
    reporterThis script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46173
    titleIBM DB2 9.1 < Fix Pack 9 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idDB2_95FP4.NASL
    descriptionThe IBM DB2 database server running on the remote host is prior to 9.5 Fix Pack 4. It is, therefore, affected by multiple issues : - It may be possible to connect to DB2 servers without valid passwords, provided LDAP-based authentication is used and the remote LDAP server is configured to allow anonymous binds. (JR32268) - It may be possible to trigger a denial of service condition by sending malicious
    last seen2020-06-01
    modified2020-06-02
    plugin id39007
    published2009-06-03
    reporterThis script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39007
    titleIBM DB2 < 9.5 Fix Pack 4 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idDB2_95FP6.NASL
    descriptionAccording to its version, the installation of IBM DB2 9.5 running on the remote host is prior to 9.5 Fix Pack 6. It is, therefore, affected by one or more of the following issues : - The Install component on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. (IC62856) - The Security component logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote, authenticated users to execute Audit administration commands without discovery. (IC65184) - A privilege escalation vulnerability exists in the DB2STST program (on Linux and Unix platforms only). (IC65703) - A malicious user could use the DB2DART program to overwrite files owned by the instance owner. (IC65756) - The scalar function REPEAT contains a buffer overflow that a malicious user with a valid database connection could manipulate, causing the DB2 server to trap. (IC65933) - The Net Search Extender implementation in the Text Search component does not properly handle an alphanumeric Fuzzy search, which could allow a remote, authenticated user to consume memory or even hang the system via the
    last seen2020-06-01
    modified2020-06-02
    plugin id49120
    published2010-09-07
    reporterThis script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49120
    titleIBM DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idDB2_9FP8.NASL
    descriptionAccording to its version, the IBM DB2 server running on the remote host is prior to 9.1 Fix Pack 8. It is, therefore, affected by multiple vulnerabilities : - MODIFIED SQL DATA table function is not dropped even if the maintainer does not have privileges to maintain the objects. (IZ46773) - It may be possible for an unauthorized user to insert, update, or delete rows in a table. (IZ50078) - An user without
    last seen2020-06-01
    modified2020-06-02
    plugin id42044
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42044
    titleIBM DB2 9.1 < Fix Pack 8 Multiple Vulnerabilities