Vulnerabilities > CVE-2017-1438 - Unspecified vulnerability in IBM DB2 and DB2 Connect

CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
ibm
linux
microsoft
nessus

Summary

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.

Nessus

NASL family: Databases
NASL id: DB2_1112FP2_36792_NIX.NASL
description: According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to fix pack 11 Special Build 36826, 10.1 prior to fix pack 6 Special Build 36827, 10.5 prior to fix pack 7 Special Build 36828, or 11.1.2.2 prior to fix pack 2 Special Build 36792. It is, therefore, affected by multiple vulnerabilities related to privilege escalation as described in the advisories. Note: swg22007183 only affects 10.5.x and 11.1.2.2.x, and swg22005740 only affects 11.1.2.2.x.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 103252
published: 2017-09-15
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/103252
title: IBM DB2 9.7 < FP11 Special Build 36826 / 10.1 < FP6 Special Build 36827 / 10.5 < FP8 Special Build 36828 / 11.1.2.2 < FP2 Special Build 36792 Multiple Vulnerabilities (UNIX)
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

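# Metadata registration: when `description` is set the script only declares
# its identity, references, scoring and prerequisites, then exits before any
# of the version checks further down run.
if (description)
{
  script_id(103252);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/12");

  # CVE ids reported by this plugin.
  script_cve_id(
    "CVE-2017-1420",
    "CVE-2017-1434",
    "CVE-2017-1438",
    "CVE-2017-1439",
    "CVE-2017-1452",
    "CVE-2017-1519"
  );

  script_name(english:"IBM DB2 9.7 < FP11 Special Build 36826 / 10.1 < FP6 Special Build 36827 / 10.5 < FP8 Special Build 36828 / 11.1.2.2 < FP2 Special Build 36792 Multiple Vulnerabilities (UNIX)");
  script_summary(english:"Checks the DB2 signature.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  # The 10.5 threshold is fix pack 8 so that this text agrees with script_name
  # and with the 10.5.0.8 baseline the version check compares against.
  script_set_attribute(attribute:"description", value:
"According to its version, the installation of IBM DB2 running on the
remote host is either 9.7 prior to fix pack 11 Special Build 36826,
10.1 prior to fix pack 6 Special Build 36827, 10.5 prior to fix
pack 8 Special Build 36828, or 11.1.2.2 prior to fix pack 2 Special 
Build 36792. It is, therefore, affected by multiple
vulnerabilities related to privilege escalation as described in the advisories.

Note: swg22007183 only affects 10.5.x and 11.1.2.2.x, and swg22005740 
only affects 11.1.2.2.x.");
  # IBM support documents (swg ids) for the advisories the description refers to.
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22006061");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22006885");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22006109");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22007183");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22007186");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22005740");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate IBM DB2 Special Build based on the most recent
fix pack level for your branch.");
  # CVSS v2 has no privileges-required metric: Au:N only says that no further
  # authentication step is needed. The local-account precondition is carried
  # by PR:L in the v3 vector, so read the two vectors together when triaging.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1452");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # NOTE(review): the vulnerability and patch dates are both in 2016 although
  # every CVE id listed above is CVE-2017-*; confirm them against the IBM
  # advisories before using them for exposure-window calculations.
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the DB2 detection plugin and its "DB2 Server" install key.
  # The Windows DB2 key is excluded here; the check part of the script audits
  # out on the same key.
  script_dependencies("db2_installed.nbin");
  script_require_keys("installed_sw/DB2 Server");
  script_exclude_keys("SMB/db2/Installed");

  exit(0);
}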

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
include("db2_report_func.inc");

# This is the UNIX variant of the check: when the Windows DB2 key is present
# the remote host's OS is Windows, not Linux, so audit out.
if (get_kb_item("SMB/db2/Installed"))
  audit(AUDIT_OS_NOT, "Linux", "Windows");

sw_name = "DB2 Server";
db2 = get_single_install(app_name:sw_name, exit_if_unknown_ver:TRUE);

# DB2 ships an optional OpenSSH server that runs on Windows, so a Windows
# installation can still be picked up through it. Exit in that case.
if ("Windows" >< db2['platform'])
  audit(AUDIT_HOST_NOT, "Linux based operating system");

# Fields of the detected install that the check and the report use.
install_path = db2['path'];
db2_ver      = db2['version'];
installed_sb = db2['special_build'];
svc_port     = db2['port'];
if (!svc_port)
  svc_port = 0;

# "None" stands for "no special build installed" from here on.
if (empty_or_null(installed_sb))
  installed_sb = "None";

# Version label for audit messages; names the special build when there is one.
ver_label = db2_ver;
if (installed_sb != "None")
  ver_label = ver_label + " with Special Build " + installed_sb;

# Pick the fixed fix-pack level and special build for the installed branch.
required_fp = NULL;
required_sb = NULL;

if (db2_ver =~ "^9\.7\.")
{
  required_fp = "9.7.0.11";
  required_sb = "36826";
}
else if (db2_ver =~ "^10\.1\.")
{
  required_fp = "10.1.0.6";
  required_sb = "36827";
}
else if (db2_ver =~ "^10\.5\.")
{
  required_fp = "10.5.0.8";
  required_sb = "36828";
}
else if (db2_ver =~ "^11\.")
{
  required_fp = "11.1.2.2";
  required_sb = "36792";
}

# No branch matched: the install is outside the releases this check covers.
if (isnull(required_fp))
  audit(AUDIT_INST_PATH_NOT_VULN, sw_name, ver_label, install_path);

# An install is affected when it is below the fixed fix pack, or exactly at it
# with no special build or with an older special build than the fixed one.
affected = FALSE;
fp_delta = ver_compare(ver:db2_ver, fix:required_fp, strict:FALSE);

if (fp_delta < 0)
{
  affected = TRUE;
}
else if (fp_delta == 0)
{
  if (installed_sb == "None")
    affected = TRUE;
  else if (ver_compare(ver:installed_sb, fix:required_sb, strict:FALSE) < 0)
    affected = TRUE;
}

if (!affected)
  audit(AUDIT_INST_PATH_NOT_VULN, sw_name, ver_label, install_path);

report_db2(
  severity          : SECURITY_HOLE,
  port              : svc_port,
  product           : sw_name,
  path              : install_path,
  installed_version : db2_ver,
  fixed_version     : required_fp,
  special_installed : installed_sb,
  special_fix       : required_sb);