IBM DB2 9.7 < FP11 Special Build 36826 / 10.1 < FP6 Special Build 36827 / 10.5 < FP8 Special Build 36828 / 11.1.2.2 < FP2 Special Build 36792 Multiple Vulnerabilities (UNIX)

2017-09-15T00:00:00
ID DB2_1112FP2_36792_NIX.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-04-02T00:00:00

Description

According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to fix pack 11 Special Build 36826, 10.1 prior to fix pack 6 Special Build 36827, 10.5 prior to fix pack 7 Special Build 36828, or 11.1.2.2 prior to fix pack 2 Special Build 36792. It is, therefore, affected by multiple vulnerabilities related to privilege escalation as described in the advisories.

Note: swg22007183 only affects 10.5.x and 11.1.2.2.x, and swg22005740 only affects 11.1.2.2.x.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(103252);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id(
    "CVE-2017-1420",
    "CVE-2017-1434",
    "CVE-2017-1438",
    "CVE-2017-1439",
    "CVE-2017-1452",
    "CVE-2017-1519"
  );

  script_name(english:"IBM DB2 9.7 < FP11 Special Build 36826 / 10.1 < FP6 Special Build 36827 / 10.5 < FP8 Special Build 36828 / 11.1.2.2 < FP2 Special Build 36792 Multiple Vulnerabilities (UNIX)");
  script_summary(english:"Checks the DB2 signature.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version, the installation of IBM DB2 running on the
remote host is either 9.7 prior to fix pack 11 Special Build 36826,
10.1 prior to fix pack 6 Special Build 36827, 10.5 prior to fix
pack 7 Special Build 36828, or 11.1.2.2 prior to fix pack 2 Special 
Build 36792. It is, therefore, affected by multiple
vulnerabilities related to privilege escalation as described in the advisories.

Note: swg22007183 only affects 10.5.x and 11.1.2.2.x, and swg22005740 
only affects 11.1.2.2.x.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22006061");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22006885");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22006109");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22007183");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22007186");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22005740");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate IBM DB2 Special Build based on the most recent
fix pack level for your branch.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1452");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("db2_installed.nbin");
  script_require_keys("installed_sw/DB2 Server");
  script_exclude_keys("SMB/db2/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
include("db2_report_func.inc");

# The remote host's OS is Windows, not Linux.
if (get_kb_item("SMB/db2/Installed")) audit(AUDIT_OS_NOT, "Linux", "Windows");

app = "DB2 Server";
install  = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);

# DB2 has an optional OpenSSH server that will run on 
# windows.  We need to exit out if we picked up the windows
# installation that way.
if ("Windows" >< install['platform'])
  audit(AUDIT_HOST_NOT, "Linux based operating system");

port     = install['port'];
version  = kb_version = install['version'];
path     = install['path'];
special_build = install['special_build'];
if(!port) port = 0;

if (empty_or_null(special_build)) special_build = "None";
if (special_build != "None") kb_version += " with Special Build " + special_build;

fix_ver = NULL;
fix_build = NULL;

if (version =~ "^9\.7\.")
{
  fix_ver = "9.7.0.11";
  fix_build = "36826";
}
else if (version =~ "^10\.1\.")
{
  fix_ver = "10.1.0.6";
  fix_build = "36827";
}
else if (version =~ "^10\.5\.")
{
  fix_ver = "10.5.0.8";
  fix_build = "36828";
}
else if (version =~ "^11\.")
{
  fix_ver = "11.1.2.2";
  fix_build = "36792";
}
else
  audit(AUDIT_INST_PATH_NOT_VULN, app, kb_version, path);

vuln = FALSE;
if (!isnull(fix_ver))
{
  cmp = ver_compare(ver:version, fix:fix_ver, strict:FALSE);
  # less than current fix pack
  if(cmp < 0)
    vuln = TRUE;
  else if (cmp == 0 && !isnull(fix_build))
  {
    # missing special build or less than current special build
    if (special_build == "None" || ver_compare(ver:special_build, fix:fix_build, strict:FALSE) < 0)
      vuln = TRUE;
  }
}

if (!vuln)
    audit(AUDIT_INST_PATH_NOT_VULN, app, kb_version, path);

report_db2(
    severity          : SECURITY_HOLE,
    port              : port,
    product           : app,
    path              : path,
    installed_version : version,
    fixed_version     : fix_ver,
    special_installed : special_build,
    special_fix       : fix_build);