Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEF15DBE9DF088EEA41E61AFA61E2908FA17CEBFD7F299E7B8954046C59CDBA62
HistoryJun 25, 2018 - 5:54 a.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Predictive Maintenance and Quality (CVE-2016-9840, CVE-2016-9841, CVE-2017-1297, CVE-2017-1105)

2018-06-2505:54:54
www.ibm.com
15

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

IBM DB2 is shipped as components of IBM Predictive Maintenance and Quality. Information about some security vulnerability affecting IBM DB2 have been published their respective security bulletins.

Vulnerability Details

Please consult the security bulletin IBM® DB2® LUW on AIX and Linux Affected by vulnerabilities in zlib (CVE-2016-9840, CVE-2016-9841) for vulnerability details and information about fixes.
Please consult the security bulletin IBM® DB2® LUW’s Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297) for vulnerability details and information about fixes.
Please consult the security bulletin Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105) for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Predictive Maintenance and Quality 2.6.0
IBM Predictive Maintenance and Quality 2.5.3
IBM IoT Predictive Maintenance and Optimization 1.0.0| IBM DB2 Enterprise Server Edition V10.5

Remediation/Fixes

1. Stop COGNOS server, CNDS server, IIB server and DB2 server.

For details, refer <https://www.ibm.com/support/knowledgecenter/en/SSTNNL_2.6.0/com.ibm.pmq.doc/c_inst_pmq_stopsolutionservices.html&gt;

2. Get the v10.5fp8_linuxx64_nlpack.tar.gz from installation payload pm_q_svr_2.6_1_l86-64_en.tar.gz, pm_q_svr_2.5.3_1_l86-64_en.tar.gz or pmo_srv_1.0_1_l86-64_en.tar.gz , and unpack v10.5fp8_linuxx64_nlpack.tar.gz to a temp directory, for example: /home/user/tmp.

3. Download the fixpack mentioned in vulnerability details, unpack and install by below command provided in that pack

./installFixPack

4. During the installation, need to input the db2 installtion directory, the default should be, /opt/ibm/db2/V10.5

5. During the installation, need to input path for “Volume label DB2 National Language Package”, then input the temporary path created above, /home/user/tmp/nlpack/, for example

6. Start the servers being stopped. For details, refer

<https://www.ibm.com/support/knowledgecenter/en/SSTNNL_2.6.0/com.ibm.pmq.doc/c_inst_pmq_startsolutionservices.html&gt;

Related

openvas 45
nessus 51
ibm 59
osv 7
cloudfoundry 2
freebsd 1
gentoo 2
mageia 1
debian 2
ubuntu 3
thn 1
veracode 2
prion 4
photon 1
ubuntucve 2
cve 4
debiancve 2
alpinelinux 2
exploitpack 1
talos 1
zdt 1
exploitdb 1
redhat 2
suse 2
openvas
openvas
Huawei EulerOS: Security Advisory for zlib (EulerOS-SA-2020-1741)
2020-07-03 00:00:00
Mageia: Security Advisory (MGASA-2020-0108)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for zlib (EulerOS-SA-2019-1276)
2020-01-23 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.6.0 : zlib (EulerOS-SA-2020-1741)
2020-07-01 00:00:00
IBM DB2 9.7 < FP11 Special Build 36792 / 10.1 < FP6 Special Build 36792 / 10.5 < FP8 Special Build 36792 / 11.1.2.2 < FP2 Special Build 36792 Multiple Vulnerabilities (Windows)
2017-09-15 00:00:00
IBM DB2 9.7 < FP11 Special Build 36621 / 10.1 < FP6 Special Build 36610 / 10.5 < FP8 Special Build 36605 / 11.1.2 < FP2 Multiple Vulnerabilities (Windows)
2017-06-30 00:00:00
ibm
ibm
Security Bulletin: Multiple DB2 vulnerabilities affect IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1105, CVE-2017-1297)
2018-06-17 15:46:29
Security Bulletin: IBM Tivoli Monitoring Agent Framework component. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9843)
2018-06-17 15:41:57
Security Bulletin: Multiple vulnerabilities in Open Source zlib affects IBM Netezza Platform Software clients (CVE-2016-9840, CVE-2016-9841 and CVE-2016-9843).
2019-10-18 03:10:29
osv
osv
klibc vulnerabilities
2024-04-16 11:43:39
zlib - security update
2020-01-29 00:00:00
Zlib 1.2.11
2017-05-23 03:56:00
cloudfoundry
cloudfoundry
USN-4292-1: rsync vulnerabilities | Cloud Foundry
2020-03-10 00:00:00
USN-4246-1: zlib vulnerabilities | Cloud Foundry
2020-02-12 00:00:00
freebsd
freebsd
net/rsync -- multiple zlib issues
2020-06-19 00:00:00
gentoo
gentoo
rsync: Multiple vulnerabilities
2020-07-28 00:00:00
zlib: Multiple vulnerabilities
2017-01-23 00:00:00
mageia
mageia
Updated rsync packages fix security vulnerabilities
2020-02-29 16:42:35
debian
debian
[SECURITY] [DLA 2085-1] zlib security update
2020-01-29 21:52:33
[SECURITY] [DLA 1725-1] rsync security update
2019-03-24 21:48:25
ubuntu
ubuntu
rsync vulnerabilities
2020-02-25 00:00:00
klibc vulnerabilities
2024-04-16 00:00:00
zlib vulnerabilities
2020-01-22 00:00:00
thn
thn
Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform
2021-07-07 12:58:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:17:08
Denial Of Service (DoS)
2019-05-02 06:11:09
prion
prion
Null pointer dereference
2017-05-23 04:29:00
Null pointer dereference
2017-05-23 04:29:00
Buffer overflow
2017-06-27 16:29:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0051
2017-06-22 00:00:00
ubuntucve
ubuntucve
CVE-2016-9840
2017-05-23 00:00:00
CVE-2016-9841
2017-05-23 00:00:00
cve
cve
CVE-2016-9840
2017-05-23 04:29:00
CVE-2016-9841
2017-05-23 04:29:00
CVE-2017-1105
2017-06-27 16:29:00
debiancve
debiancve
CVE-2016-9840
2017-05-23 04:29:00
CVE-2016-9841
2017-05-23 04:29:00
alpinelinux
alpinelinux
CVE-2016-9840
2017-05-23 04:29:00
CVE-2016-9841
2017-05-23 04:29:00
exploitpack
exploitpack
IBM DB2 9.710.110.511.1 - Command Line Processor Buffer Overflow
2017-06-26 00:00:00
talos
talos
IBM DB2 Shared Memory Insecure Permissions Vulnerability
2018-04-06 00:00:00
zdt
zdt
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow Exploit
2017-06-27 00:00:00
exploitdb
exploitdb
IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow
2017-06-26 00:00:00
redhat
redhat
(RHSA-2017:1222) Moderate: java-1.6.0-ibm security update
2017-05-10 12:23:26
(RHSA-2017:1221) Moderate: java-1.7.1-ibm security update
2017-05-10 12:23:11
suse
suse
Security update for java-1_7_0-ibm (important)
2017-05-23 21:13:05
Security update for java-1_7_1-ibm (important)
2017-05-23 21:14:27

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for EF15DBE9DF088EEA41E61AFA61E2908FA17CEBFD7F299E7B8954046C59CDBA62
openvas45nessus51ibm59osv7cloudfoundry2freebsd1gentoo2mageia1debian2ubuntu3thn1veracode2prion4photon1ubuntucve2cve4debiancve2alpinelinux2exploitpack1talos1zdt1exploitdb1redhat2suse2