
IBM DB2 < 9 Fix Pack 5 Multiple Vulnerabilities

This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.

According to its version, the IBM DB2 server running on the remote host is affected by one or more of the following issues :

  • There is an unspecified security vulnerability related to a 'DB2FMP' process. (IZ20352)

  • On Windows, the 'DB2FMP' process is running with OS privileges. (JR30026)

  • The CLR stored procedure deployment feature of IBM Database Add-Ins for Visual Studio can be used to escalate privileges or launch a denial of service attack against a DB2 server. (JR28432)

  • The password used to connect to the database can be seen in plaintext in a memory dump. (JR27422)

  • There is a possible stack variable overrun in 'SQLRLAKA()'. (IZ16346)

  • A local privilege escalation vulnerability via file creation can result in root-level access. (IZ12735)

  • There are possible buffer overflows involving 'XQUERY', 'XMLQUERY', 'XMLEXISTS', and 'XMLTABLE'. (IZ18434)

  • A specially crafted client CONNECT request could crash the server. (IZ07299)

  • There is an unspecified remote buffer overflow in DAS server code. (IZ22188)

  • INSTALL_JAR can be used to create or overwrite critical system files. (IZ21983)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration. When the scanner loads the script with `description`
# set, only this metadata block runs and the script exits before the version
# check further down is reached.
if (description)
{
  script_id(33128);
  script_version("1.28");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  # One plugin covers all issues fixed by DB2 9 Fix Pack 5; the CVE list,
  # BIDs and Secunia advisory below are the combined references.
  script_cve_id(
    "CVE-2008-2154",
    "CVE-2008-3852",
    "CVE-2008-3854",
    "CVE-2008-3855",
    "CVE-2008-3856",
    "CVE-2008-3857",
    "CVE-2008-6821"
  );
  script_bugtraq_id(29601, 35408, 35409);
  script_xref(name:"SECUNIA", value:"30558");

  script_name(english:"IBM DB2 < 9 Fix Pack 5 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  # Each bullet ends with the IBM APAR id it is tracked under; the matching
  # IBM support pages are listed as see_also links below.
  script_set_attribute(attribute:"description", value:
"According to its version, the IBM DB2 server running on the remote
host is affected by one or more of the following issues :

  - There is an unspecified security vulnerability
    related to a 'DB2FMP' process. (IZ20352)

  - On Windows, the 'DB2FMP' process is running with OS
    privileges. (JR30026)

  - The CLR stored procedure deployment feature of IBM 
    Database Add-Ins for Visual Studio can be used to
    escalate privileges or launch a denial of service
    attack against a DB2 server. (JR28432)

  - The password used to connect to the database can be
    seen in plaintext in a memory dump. (JR27422)

  - There is a possible stack variable overrun in
    'SQLRLAKA()'. (IZ16346)

  - A local privilege escalation vulnerability via file
    creation can result in root-level access. (IZ12735)

  - There are possible buffer overflows involving 'XQUERY', 
    'XMLQUERY', 'XMLEXISTS', and 'XMLTABLE'. (IZ18434)

  - A specially crafted client CONNECT request could
    crash the server. (IZ07299)

  - There is an unspecified remote buffer overflow in
    DAS server code. (IZ22188)

  - INSTALL_JAR can be used to create or overwrite
    critical system files. (IZ21983)");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/496406/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/496405/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21255607");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IZ20352");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1JR30026");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1JR28432");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IZ12735");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1JR27422");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IZ16346");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IZ18434");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IZ07299");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IZ21983");
  script_set_attribute(attribute:"solution", value:
"Apply IBM DB2 Version 9 Fix Pack 5 or later.");
  # Scored against the worst of the bundled issues: network-reachable,
  # unauthenticated, with complete confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(16, 119, 200, 264);

  script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/10");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The version and platform values checked below are read from the KB entries
  # populated by the DAS detection plugin on the db2das service (default 523).
  script_dependencies("db2_das_detect.nasl");
  script_require_ports("Services/db2das", 523);

  # Registration only: leave before the detection logic below runs.
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("db2_report_func.inc");

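# Locate the DB2 Administration Server (DAS) port recorded by the detection
# plugin; get_service() exits for us when the service is not present.
port = get_service(svc:'db2das', default:523, exit_on_fail:TRUE);

# Installed level as recorded by db2_das_detect.nasl. Use the _or_exit form,
# consistent with the Platform lookup below, so a missing KB entry produces a
# proper audit exit rather than a NULL value falling through the regex and
# emitting a misleading "is not 9.0 or 9.1" message.
level = get_kb_item_or_exit("DB2/" + port + "/Level");

# Only the 9.0 / 9.1 stream is covered by Fix Pack 5; anything else is out of scope.
if (level !~ '^9\\.[01]\\.') exit(0, "The version of IBM DB2 listening on port "+port+" is not 9.0 or 9.1 and thus is not affected.");

# Numeric platform id is mandatory; the human-readable name is optional and
# only used for reporting.
platform = get_kb_item_or_exit("DB2/"+port+"/Platform");
platform_name = get_kb_item("DB2/"+port+"/Platform_Name");
if (isnull(platform_name))
{
  platform_name = platform;
  report_phrase = "platform " + platform;
}
else
  report_phrase = platform_name;

# The fixed level string differs per platform because the detection plugin
# reports Windows builds (e.g. 9.1.500.555) and Linux fix packs (e.g. 9.1.0.5)
# in different formats; compare only against the format for the same platform.
vuln = FALSE;
# Windows 32-bit
if (platform == 5)
{
  fixed_level = '9.1.500.555';
  if (ver_compare(ver:level, fix:fixed_level) == -1)
    vuln = TRUE;
}
# Linux, 2.6 Kernel 32-bit
else if (platform == 18)
{
  fixed_level = '9.1.0.5';
  if (ver_compare(ver:level, fix:fixed_level) == -1)
    vuln = TRUE;
}
else
{
  # Unknown platform id: refuse to guess rather than risk a false result.
  info = 
    'Nessus does not support version checks against ' + report_phrase + '.\n' +
    'To help us better identify vulnerable versions, please send the platform\n' +
    'number along with details about the platform, including the operating system\n' +
    'version, CPU architecture, and DB2 version to [email protected].\n';
  exit(1, info);
}

# Report installed vs. fixed level; the reporting helper comes from
# db2_report_func.inc.
if (vuln)
{
  report_db2(
      severity        : SECURITY_HOLE,
      port            : port,
      platform_name   : platform_name,
      installed_level : level,
      fixed_level     : fixed_level);
}
else exit(0, "IBM DB2 "+level+" on " + report_phrase + " is listening on port "+port+" and is not affected.");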