IBM DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities

Versions of IBM DB2 9.8 earlier than Fix Pack 5 are potentially affected by multiple issues :

• A flaw exists in relational data services that is due to privileges persisting when they’re removed from users. This may allow attackers to execute non-DDL statements after their privileges have been revoked.
• A flaw exists that is triggered when Self Tuning Memory Manager (STMM) is enabled and DATABASE_MEMORY is set to AUTOMATIC. This may allow a local attacker to potentially cause a crash.
• An authorized user with ‘CONNECT’ privileges from ‘PUBLIC’ can cause a denial of service via unspecified methods related to DB2’s XML feature. (CVE-2012-0712)
• An unspecified information disclosure vulnerability exists related to the XML feature that can allow improper access to arbitrary XML files. (CVE-2012-0713)
• An error exists related to the Distributed RelationalDatabase Architecture (DRDA) that can allow denial of service conditions when processing certain request. (CVE-2012-2180)