IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)
2012-04-02T00:00:00
ID OPENVAS:802728 Type openvas Reporter Copyright (C) 2012 Greenbone Networks GmbH Modified 2017-04-14T00:00:00
Description
IBM DB2 is installed on this host and is prone to a buffer overflow
vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ibm_db2_admin_server_bof_vuln_lin.nasl 5956 2017-04-14 09:02:12Z teissa $
#
# IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)
#
# Authors:
# Madhuri D <dmadhuri@secpod.com>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
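# Result texts attached to the plugin through script_tag() in the description
# block. They are what an operator reads in the scan report, so they have to
# match the advisory data for CVE-2012-0711.

# The CVE is rated C:P/I:P/A:P and described as allowing remote code
# execution, so the impact is not limited to a denial of service.
tag_impact = "Successful exploitation will allow remote attackers to execute arbitrary
  code or cause a denial of service.
  Impact Level: Application.";

# These ranges are inclusive and mirror the version_in_range() checks below.
tag_affected = "IBM DB2 version 9.1 through FP11
  IBM DB2 version 9.5 through FP8
  IBM DB2 version 9.7 through FP5";

tag_insight = "The flaw is due to an integer signedness error in the db2dasrrm process
  of the DB2 Administration Server (DAS), which can trigger a heap-based buffer
  overflow when a crafted request is processed.";

# Name the first fixed fix pack of every affected branch; the previous text
# only mentioned 9.5, which is no help to a 9.1 or 9.7 installation.
tag_solution = "Upgrade to IBM DB2 version 9.1 FP12, 9.5 FP9, 9.7 FP6 or later,
  For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg21588098";

tag_summary = "This host is installed with IBM DB2 and is prone to buffer overflow
  vulnerability.";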
# Metadata registration: when `description` is set, the calls below record
# the plugin's identity, scoring, references and prerequisites, and the
# script leaves through exit(0) before the version check further down runs.
if (description) {
  # Identity and bookkeeping.
  script_id(802728);
  script_version("$Revision: 5956 $");
  script_name("IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)");
  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
  script_family("Databases");
  script_tag(name:"creation_date", value:"2012-04-02 18:37:15 +0530 (Mon, 02 Apr 2012)");
  script_tag(name:"last_modification", value:"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $");

  # Vulnerability identifiers and CVSS v2 scoring.
  script_cve_id("CVE-2012-0711");
  script_bugtraq_id(52326);
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # Advisory references.
  script_xref(name:"URL", value:"http://secunia.com/advisories/48279");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/73495");
  script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21588093");
  script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27007053");

  # The check only compares a version string that the detection plugin
  # stored in the KB, hence the information-gathering category and the
  # dependency on that plugin and its KB key.
  script_category(ACT_GATHER_INFO);
  script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
  script_require_keys("Linux/IBM_db2/Ver");

  # Report texts, taken from the tag_* variables defined above this block.
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"impact", value:tag_impact);
  script_tag(name:"solution", value:tag_solution);

  # Detection quality and remediation type.
  script_tag(name:"qod_type", value:"executable_version");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("version_func.inc");
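## Installed DB2 version as stored in the KB under the key this plugin
## requires. Without it there is nothing to compare, so leave quietly.
ibmVer = get_kb_item("Linux/IBM_db2/Ver");
if(isnull(ibmVer) || ibmVer == ""){
  exit(0);
}

## Fix packs map to the fourth version field (9.1 FP11 = 9.1.0.11).
## All three affected ranges are inclusive of the upper bound, matching
## tag_affected; the first fixed level is the next fix pack of that branch.
fixedVer = "";

## IBM DB2 9.1 through 9.1 FP11 (9.1.0.11)
if(version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.11")){
  fixedVer = "9.1.0.12";
}
## IBM DB2 9.5 through 9.5 FP8 (9.5.0.8)
else if(version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.8")){
  fixedVer = "9.5.0.9";
}
## IBM DB2 9.7 through 9.7 FP5 (9.7.0.5)
else if(version_in_range(version:ibmVer, test_version:"9.7", test_version2:"9.7.0.5")){
  fixedVer = "9.7.0.6";
}

if(fixedVer){
  ## Put the installed and the first fixed version into the result, so the
  ## finding can be verified and acted on without re-running detection.
  report = report_fixed_ver(installed_version:ibmVer, fixed_version:fixedVer);
  security_message(port:0, data:report);
  exit(0);
}

## Version was checked and lies outside every affected range.
exit(99);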
{"id": "OPENVAS:802728", "type": "openvas", "bulletinFamily": "scanner", "title": "IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)", "description": "This host is installed with IBM DB2 and is prone to buffer overflow\n vulnerability.", "published": "2012-04-02T00:00:00", "modified": "2017-04-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802728", "reporter": "Copyright (C) 2012 Greenbone Networks GmbH", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21588093", "http://xforce.iss.net/xforce/xfdb/73495", "http://secunia.com/advisories/48279", "http://www-01.ibm.com/support/docview.wss?uid=swg27007053"], "cvelist": ["CVE-2012-0711"], "lastseen": "2017-07-02T21:10:53", "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-07-02T21:10:53", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0711"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802728"]}, {"type": "nessus", "idList": ["DB2_97FP6.NASL", "DB2_95FP9.NASL", "DB2_9FP12.NASL"]}], "modified": "2017-07-02T21:10:53", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "802728", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_db2_admin_server_bof_vuln_lin.nasl 5956 2017-04-14 09:02:12Z teissa $\n#\n# IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to cause denial of service.\n Impact Level: Application.\";\ntag_affected = \"IBM DB2 version 9.1 through FP11\n IBM DB2 version 9.5 through FP8\n IBM DB2 version 9.7 through FP5\";\ntag_insight = \"This flaw is due to an unspecified error within the DAS component can be\n exploited to compromise the component or cause a denial of service.\";\ntag_solution = \"Upgrade to IBM DB2 version 9.5 FP9 or later,\n For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg21588098\";\ntag_summary = \"This host is installed with IBM DB2 and is prone to buffer overflow\n vulnerability.\";\n\nif(description)\n{\n script_id(802728);\n script_version(\"$Revision: 5956 $\");\n script_cve_id(\"CVE-2012-0711\");\n script_bugtraq_id(52326);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 18:37:15 +0530 (Mon, 02 Apr 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48279\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/73495\");\n script_xref(name : \"URL\" , value : \"http://www-01.ibm.com/support/docview.wss?uid=swg21588093\");\n script_xref(name : \"URL\" , value : 
\"http://www-01.ibm.com/support/docview.wss?uid=swg27007053\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"secpod_ibm_db2_detect_linux_900217.nasl\");\n script_require_keys(\"Linux/IBM_db2/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nibmVer = \"\";\n\nibmVer = get_kb_item(\"Linux/IBM_db2/Ver\");\nif(ibmVer == NULL){\n exit(0);\n}\n\n## Check for IBM DB2 Version 9.1 through 9.1 FP11 (IBM DB2 9.1 FP11 = 9.1.0.11)\n## Check for IBM DB2 Version 9.5 before 9.5 FP8 (IBM DB2 9.5 FP8 = 9.5.0.8)\n## Check for IBM DB2 Version 9.7 before 9.7 FP5 (IBM DB2 9.7 FP5 = 9.7.0.5)\nif(version_in_range(version:ibmVer, test_version:\"9.1\", test_version2:\"9.1.0.11\") ||\n version_in_range(version:ibmVer, test_version:\"9.7\", test_version2:\"9.7.0.5\")||\n version_in_range(version:ibmVer, test_version:\"9.5\", test_version2:\"9.5.0.8\")){\n security_message(0);\n}\n", "naslFamily": "Databases"}
{"cve": [{"lastseen": "2020-10-03T12:06:00", "description": "Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.", "edition": 3, "cvss3": {}, "published": "2012-03-20T20:55:00", "title": "CVE-2012-0711", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0711"], "modified": "2018-10-10T10:29:00", "cpe": ["cpe:/a:ibm:db2:9.5", "cpe:/a:ibm:db2:9.1", "cpe:/a:ibm:db2:9.7"], "id": "CVE-2012-0711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0711", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp11:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp8:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*", 
"cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp10:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp9:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp7:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp7a:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-03-24T19:06:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0711"], "description": "IBM Db2 is prone to a buffer overflow vulnerability.", "modified": "2020-03-12T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310802728", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802728", "type": "openvas", "title": "IBM Db2 Administration Server Buffer Overflow Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# IBM Db2 Administration Server Buffer Overflow Vulnerability (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ibm:db2\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802728\");\n script_version(\"2020-03-12T10:08:50+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-12 10:08:50 +0000 (Thu, 12 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 18:37:15 +0530 (Mon, 02 Apr 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2012-0711\");\n script_bugtraq_id(52326);\n\n script_name(\"IBM Db2 Administration Server Buffer Overflow Vulnerability (Linux)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48279\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/73495\");\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21588093\");\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27007053\");\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21588098\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"gb_ibm_db2_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ibm/db2/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"IBM Db2 version 9.1 through FP11, 9.5 through FP8 and 9.7 
through FP5.\");\n\n script_tag(name:\"insight\", value:\"This flaw is due to an unspecified error within the DAS component can be\n exploited to compromise the component or cause a denial of service.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IBM Db2 version 9.5 FP9 or later.\");\n\n script_tag(name:\"summary\", value:\"IBM Db2 is prone to a buffer overflow vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version_in_range(version: version, test_version: \"9.1.0.0\", test_version2: \"9.1.0.11\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.1.0.12\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"9.5.0.0\", test_version2: \"9.5.0.8\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.5.0.9\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"9.7.0.0\", test_version2: \"9.7.0.5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.7.0.6\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:34:05", "description": "According to its version, the installation of IBM DB2 9.1 running on\nthe remote host is affected by one or more of the following issues :\n\n - An integer signedness error exists in the 'db2asrrm'\n process that can lead to a heap-based buffer overflow.\n Note that this issue does not affect Windows hosts.\n (#IC80561 / CVE-2012-0711)\n\n - An error exists related to the stored procedure\n 'SQLJ.DB2_INSTALL_JAR' that can allow 'JAR' files to be\n 
overwritten. Note that this issue only affects Windows\n hosts. (#IC84019 / CVE-2012-2194)\n\n - An error exists related to the stored procedures\n 'GET_WRAP_CFG_C' and 'GET_WRAP_CFG_C2' that can allow\n unauthorized access to XML files. (#IC84614 / \n CVE-2012-2196)\n\n - An error exists related to the Java stored procedure\n infrastructure that can allow stack-based buffer\n overflows. (#IC84555 / CVE-2012-2197)", "edition": 27, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2012-07-23T00:00:00", "title": "IBM DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2196", "CVE-2012-2197", "CVE-2012-2194", "CVE-2012-0711"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_9FP12.NASL", "href": "https://www.tenable.com/plugins/nessus/60098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(60098);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2012-0711\",\n \"CVE-2012-2194\",\n \"CVE-2012-2196\",\n \"CVE-2012-2197\"\n );\n script_bugtraq_id(52326, 54487);\n\n script_name(english:\"IBM DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks DB2 signature\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote database server is affected by multiple issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"According to its version, the installation of IBM DB2 9.1 running on\nthe remote host is affected by one or more of the following issues :\n\n - An integer signedness error exists in the 'db2asrrm'\n process that can lead to a heap-based buffer overflow.\n Note that this issue does not affect Windows hosts.\n (#IC80561 / CVE-2012-0711)\n\n - An error exists related to the stored procedure\n 'SQLJ.DB2_INSTALL_JAR' that can allow 'JAR' 
files to be\n overwritten. Note that this issue only affects Windows\n hosts. (#IC84019 / CVE-2012-2194)\n\n - An error exists related to the stored procedures\n 'GET_WRAP_CFG_C' and 'GET_WRAP_CFG_C2' that can allow\n unauthorized access to XML files. (#IC84614 / \n CVE-2012-2196)\n\n - An error exists related to the Java stored procedure\n infrastructure that can allow stack-based buffer\n overflows. (#IC84555 / CVE-2012-2197)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/524334/30/0/threaded\");\n # IC80561\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21588093\");\n # IC84019\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019\");\n # IC84614\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614\");\n # IC84555\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24033023\");\n\n script_set_attribute(attribute:\"solution\", value:\"Apply IBM DB2 Version 9.1 Fix Pack 12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2012/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n \n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n \n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\" + port + \"/Level\");\nif (level !~ '^9\\\\.1\\\\.') exit(0, \"The version of IBM DB2 listening on port \"+port+\" is not 9.1.x and thus is not affected.\");\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n fixed_level = '9.1.1200.483';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '9.1.0.12';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n{\n report_db2(\n 
severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"DB2\", port, level);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:34:04", "description": "According to its version, the installation of DB2 9.7 running on the\nremote host is prior to Fix Pack 6. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A local user can exploit a vulnerability in the bundled\n IBM Tivoli Monitoring Agent (ITMA) to escalate their\n privileges. (CVE-2011-4061)\n\n - An authorized user with 'CONNECT' and 'CREATEIN'\n privileges on a database can perform unauthorized\n reads on tables. (CVE-2012-0709)\n\n - An unspecified error in the DB2 Administration Server\n (DAS) can allow remote privilege escalation or denial\n of service via unspecified vectors. Note that this\n issue does not affect Windows hosts. (CVE-2012-0711)\n\n - An authorized user with 'CONNECT' privileges from\n 'PUBLIC' can cause a denial of service via unspecified\n methods related to DB2's XML feature. (CVE-2012-0712)\n\n - An unspecified information disclosure error exists\n related to the XML feature that can allow improper\n access to arbitrary XML files. 
(CVE-2012-0713)\n\n - An error exists related to the Distributed Relational\n Database Architecture (DRDA) that can allow denial of\n service conditions when processing certain request.\n (CVE-2012-2180)", "edition": 26, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2012-07-10T00:00:00", "title": "IBM DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4061", "CVE-2012-0709", "CVE-2012-0712", "CVE-2012-2180", "CVE-2012-0711", "CVE-2012-0713"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_97FP6.NASL", "href": "https://www.tenable.com/plugins/nessus/59904", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59904);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\n \"CVE-2011-4061\",\n \"CVE-2012-0709\",\n \"CVE-2012-0711\",\n \"CVE-2012-0712\",\n \"CVE-2012-0713\",\n \"CVE-2012-2180\"\n );\n script_bugtraq_id(51181, 52326, 53873);\n\n script_name(english:\"IBM DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks DB2 signature.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of DB2 9.7 running on the\nremote host is prior to Fix Pack 6. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A local user can exploit a vulnerability in the bundled\n IBM Tivoli Monitoring Agent (ITMA) to escalate their\n privileges. (CVE-2011-4061)\n\n - An authorized user with 'CONNECT' and 'CREATEIN'\n privileges on a database can perform unauthorized\n reads on tables. 
(CVE-2012-0709)\n\n - An unspecified error in the DB2 Administration Server\n (DAS) can allow remote privilege escalation or denial\n of service via unspecified vectors. Note that this\n issue does not affect Windows hosts. (CVE-2012-0711)\n\n - An authorized user with 'CONNECT' privileges from\n 'PUBLIC' can cause a denial of service via unspecified\n methods related to DB2's XML feature. (CVE-2012-0712)\n\n - An unspecified information disclosure error exists\n related to the XML feature that can allow improper\n access to arbitrary XML files. (CVE-2012-0713)\n\n - An error exists related to the Distributed Relational\n Database Architecture (DRDA) that can allow denial of\n service conditions when processing certain request.\n (CVE-2012-2180)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC79274\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC82234\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21450666\");\n script_set_attribute(attribute:\"solution\", value:\"Apply IBM DB2 version 9.7 Fix Pack 6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/10\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\"+port+\"/Level\");\nif (level !~ \"^9\\.7\\.\") exit(0, \"The version of IBM DB2 listening on port \"+port+\" is not 9.7.\");\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n fixed_level = '9.7.600.413';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '9.7.0.6';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n}\nelse\n{\n info =\n 'Nessus does not 
support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\n\nif (vuln)\n{\n report_db2(\n severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"DB2\", port, level);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:34:03", "description": "According to its version, the installation of IBM DB2 9.5 running on\nthe remote host is prior to Fix Pack 9. It is, therefore, affected by\nthe following vulnerabilities :\n\n - Incorrect, world-writable file permissions are in place\n for the file 'NODES.REG'. (IC79518)\n\n - An unspecified error can allow attacks to cause a\n denial of service via unspecified vectors. (IC76899)\n\n - A local user can exploit a vulnerability in the bundled\n IBM Tivoli Monitoring Agent (ITMA) to escalate their\n privileges. (IC79970)\n\n - An unspecified error in the DB2 Administration Server\n (DAS) can allow remote privilege escalation or denial\n of service via unspecified vectors. Note that this\n issue does not affect Windows hosts. (IC80728)\n\n - An authorized user with 'CONNECT' privileges from\n 'PUBLIC' can cause a denial of service via unspecified\n methods related to DB2's XML feature. (IC81379)\n\n - An authorized user with 'CONNECT' and 'CREATEIN'\n privileges on a database can perform unauthorized\n reads on tables. 
(IC81387)", "edition": 26, "cvss3": {"score": 6.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}, "published": "2012-03-08T00:00:00", "title": "DB2 9.5 < Fix Pack 9 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0709", "CVE-2012-1796", "CVE-2012-0710", "CVE-2012-0712", "CVE-2012-0711", "CVE-2012-1797"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_95FP9.NASL", "href": "https://www.tenable.com/plugins/nessus/58293", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58293);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/09 12:26:57\");\n\n script_cve_id(\n \"CVE-2012-0709\",\n \"CVE-2012-0710\",\n \"CVE-2012-0711\",\n \"CVE-2012-0712\",\n \"CVE-2012-1796\",\n \"CVE-2012-1797\"\n );\n script_bugtraq_id(52326);\n \n script_name(english:\"DB2 9.5 < Fix Pack 9 Multiple Vulnerabilities\");\n script_summary(english:\"Checks DB2 signature.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its version, the installation of IBM DB2 9.5 running on\nthe remote host is prior to Fix Pack 9. It is, therefore, affected by\nthe following vulnerabilities :\n\n - Incorrect, world-writable file permissions are in place\n for the file 'NODES.REG'. (IC79518)\n\n - An unspecified error can allow attacks to cause a\n denial of service via unspecified vectors. (IC76899)\n\n - A local user can exploit a vulnerability in the bundled\n IBM Tivoli Monitoring Agent (ITMA) to escalate their\n privileges. (IC79970)\n\n - An unspecified error in the DB2 Administration Server\n (DAS) can allow remote privilege escalation or denial\n of service via unspecified vectors. Note that this\n issue does not affect Windows hosts. 
(IC80728)\n\n - An authorized user with 'CONNECT' privileges from\n 'PUBLIC' can cause a denial of service via unspecified\n methods related to DB2's XML feature. (IC81379)\n\n - An authorized user with 'CONNECT' and 'CREATEIN'\n privileges on a database can perform unauthorized\n reads on tables. (IC81387)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24032087\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21293566#9\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21586193\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387\");\n # Note: ibm.com pages for IC76899, IC80728 are reporting as missing.\n # ibm.com page for IC79518 requires login.\n script_set_attribute(attribute:\"solution\", value:\"Apply IBM DB2 version 9.5 Fix Pack 9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n \n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n \n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\"+port+\"/Level\");\nif (level !~ '^9\\\\.5\\\\.') exit(0, \"The version of IBM DB2 listening on port \"+port+\" is not 9.5 and thus is not affected.\");\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n fixed_level = '9.5.900.456';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 || \n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '9.5.0.9';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n{\n report_db2(\n severity : SECURITY_WARNING,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n 
fixed_level : fixed_level);\n}\nelse exit(0, \"IBM DB2 \"+level+\" on \" + report_phrase + \" is listening on port \"+port+\" and is not affected.\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}]}