Vulnerabilities > CVE-2012-2180 - Multiple Security vulnerability in IBM DB2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
ibm
nessus

Summary

The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Nessus

  • NASL familyDatabases
    NASL idDB2_98FP5.NASL
    descriptionAccording to its version, the installation of IBM DB2 9.8 running on the remote host is prior to Fix Pack 5. It is, therefore, affected by multiple vulnerabilities : - An authorized user with
    last seen2020-06-01
    modified2020-06-02
    plugin id59905
    published2012-07-10
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59905
    titleIBM DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idDB2_97FP6.NASL
    descriptionAccording to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 6. It is, therefore, affected by multiple vulnerabilities : - A local user can exploit a vulnerability in the bundled IBM Tivoli Monitoring Agent (ITMA) to escalate their privileges. (CVE-2011-4061) - An authorized user with
    last seen2020-06-01
    modified2020-06-02
    plugin id59904
    published2012-07-10
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59904
    titleIBM DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities