Oct 19, 2020 - 4:56 p.m.

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in DB2, which Guardium ships

2020-10-19 16:56:53
www.ibm.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Summary

IBM Security Guardium has fixed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2008-4692
**DESCRIPTION:** An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46021 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2007-2582
**DESCRIPTION:** An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector.
CVSS Base score: 7
CVSS Vector:

CVEID: CVE-2007-3676
**DESCRIPTION:** The IBM DB2 Administration Server (DAS) server could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in db2dassrm. By sending a specially-crafted request to TCP port 523, a remote attacker could crash the service or execute arbitrary code with elevated privileges.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/40230 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2007-5090
**DESCRIPTION:** IBM Rational ClearQuest has an unspecified vulnerability which could allow a local attacker to manipulate data. An attacker could exploit this vulnerability to possibly launch further attacks on the vulnerable system.
CVSS Base score: 1.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/36771 for the current score.
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)

CVEID: CVE-2007-5652
**DESCRIPTION:** IBM DB2 is vulnerable to a denial of service caused by unspecified memory corruption errors in UDB authentication list handling. An attacker could exploit this vulnerability through unknown attack vectors to crash the authentication routine.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/37290 for the current score.
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:P/A:P)

CVEID: CVE-2008-3958
**DESCRIPTION:** IBM DB2 UDB is vulnerable to a denial of service, caused by an unspecified error when processing requests. By sending a specially-crafted CONNECT and ATTACH request that simulates a v7 client connect/attach request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/45133 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2008-3959
**DESCRIPTION:** IBM DB2 UDB is vulnerable to a denial of service, caused by an unspecified error when processing requests. By sending a specially-crafted CONNECT and ATTACH request that simulates a v7 client connect/attach request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/45134 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2008-4691
**DESCRIPTION:** An unspecified error in IBM DB2 related to the SQLNLS_UNPADDEDCHARLEN() function can cause a segmentation fault, resulting in a denial of service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46019 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.1

Remediation/Fixes

Product Versions Fix
IBM Security Guardium 11.1 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…

Workarounds and Mitigations

None

CPE

Name Operator Version
ibm security guardium eq 11.1
