Versions of IBM DB2 10.5 prior to Fix Pack 8 and 11.x prior to 11.1 are potentially affected by multiple vulnerabilities:
- An unspecified flaw exists that may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.
- An unspecified flaw exists that may allow a local attacker to gain access to arbitrary memory locations. No further details have been provided by the vendor.
- An unspecified flaw exists that is triggered when dereferencing user pointers. This may allow a local attacker to crash the file system.
- A flaw exists in the ‘DTDScanner::scanChildren()’ function in ‘validators/DTD/DTDScanner.cpp’ that is triggered when handling user requests. With a specially crafted request, a context-dependent attacker can cause the application linked against the library to exhaust resources, causing it to stop responding or crash.
- A flaw exists that is triggered when a local attacker sets environment variables that are processed by setuid programs. This may allow the attacker to execute commands with root privileges.
- A flaw exists that is triggered when a local attacker supplies command line parameters to setuid programs. This may allow the attacker to execute commands with root privileges.
- An overflow condition exists that is triggered because certain input is not properly validated. This may allow an authenticated remote attacker to cause a buffer overflow, potentially allowing them to bypass security restrictions and disclose sensitive information.
- A flaw exists that is due to the program insecurely loading binaries planted in a location that a SETGID or SETUID binary would execute. This may allow a local attacker to gain elevated root privileges.
- A flaw exists in the ‘SQLNP_SCOPE_TRIAL()’ function that is triggered during the handling of SQL statements. This may allow an authenticated attacker to crash the database.
- Multiple flaws exist in the Query Compiler QGM that are triggered when handling specific queries. With a specially crafted query, an authenticated attacker can cause the database to crash.