15 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-10693

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00167
Exploits 0 | References 5

IBM Security Bulletins
added 2023/11/21 6:4 a.m. | 12 views

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

AI score 6.9
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/08/06 9:39 a.m. | 24 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affects IBM Security Key Lifecycle Manager.

Summary There are multiple vulnerabilities in the IBM® Db2® that is shipped with IBM Security Key Lifecycle Manager. These issues were disclosed as part of the IBM® Db2® updates published. These may affect some configurations of IBM Security Key Lifecycle Manager. Vulnerability Details Please...

CVSS 7.8 | AI score 1.2 | EPSS 0.00266
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2018/07/05 7:26 a.m. | 25 views

Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a 3RD PARTY Unsafe deserialization

Summary Unsafe deserialization in DB2 JDBC driver. Vulnerability Details The Db2 JDBC driver deserializes the contents of /tmp/connlicj.bin (the default path; this is configurable), which leads to object injection and potentially arbitrary code execution depending on the classpath. CVEID: CVE-2017-1677...

CVSS 7.8 | AI score 1.3 | EPSS 0.00167
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/07/03 3:38 a.m. | 25 views

Security Bulletin: IBM Data Server Driver for ODBC and CLI is affected by multiple vulnerabilities in the GSKit library

Summary IBM Data Server Driver for ODBC and CLI is affected by multiple vulnerabilities in the GSKit library. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploi...

CVSS 10 | AI score 0.5 | EPSS 0.21835
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:48 p.m. | 19 views

Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105)

Summary IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. Vulnerability Details CVEID: CVE-2017-1105 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2...

CVSS 7.1 | AI score 0.6 | EPSS 0.00065
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:47 p.m. | 30 views

Security Bulletin: Vulnerabilities in open source zlib library affect IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI

Summary Vulnerabilities have been addressed in the open source zlib library component of IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointe...

CVSS 9.8 | AI score 1.4 | EPSS 0.15071
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:42 p.m. | 16 views

Security Bulletin: Open Source Apache Xerces-C XML parser Vulnerabilities -- including XML4C (CVE-2016-0729)

Summary The vulnerabilities have been addressed in the Open Source Apache Xerces-C XML parser for IBM Data Server Driver packages/DB2 Connect Instance less clients. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caus...

CVSS 9.8 | AI score 0.8 | EPSS 0.23016
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:40 p.m. | 11 views

Security Bulletin: Vulnerabilities in Flexera InstallShield and InstallAnywhere affect IBM Data Server Driver packages (CVE-2016-2542, CVE-2016-4560)

Summary Vulnerabilities have been addressed in the Flexera InstallShield and InstallAnywhere components of IBM Data Server Driver packages. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused ...

CVSS 7.8 | AI score 1.4 | EPSS 0.00185
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:39 p.m. | 20 views

Security Bulletin: Vulnerabilities in GSKit affect IBM Data Server Client and Driver packages (CVE-2016-0201, CVE-2015-7420 and CVE-2015-7421)

Summary Vulnerabilities have been addressed in the GSKit component of IBM Data Server Client and Driver packages. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit th...

CVSS 5.9 | AI score 0.7 | EPSS 0.00302
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:10 p.m. | 28 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Data Server Manager (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Data Server Manager. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS 5 | AI score 0.7 | EPSS 0.2382
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:10 p.m. | 27 views

Security Bulletin: Vulnerabilities in GSKit affect IBM® DB2® (CVE-2015-0138, CVE-2015-0159 and CVE-2014-6221)

Summary GSKit is an IBM component that is used by IBM DB2. The GSKit that is shipped with IBM DB2 contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability. IBM DB2 has addressed the applicable CVEs. Vulnerability...

CVSS 9.4 | AI score 0.2 | EPSS 0.00921
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:9 p.m. | 11 views

Security Bulletin: TLS padding vulnerability affects IBM Data Server Client packages (CVE-2014-8730)

Summary Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM Data Server Client packages. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive informatio...

CVSS 4.3 | AI score 1.7 | EPSS 0.03099
Exploits 5 | Affected Software 1

Prion
added 2018/03/22 12:29 p.m. | 13 views

Design/Logic Flaw

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999...

CVSS 4.6 | AI score 7.7 | EPSS 0.00167
Exploits 0 | References 4 | Affected Software 1

OSV
added 2018/03/22 12:29 p.m. | 1 views

CVE-2017-1677

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999...

CVSS 7.8 | AI score 6.2 | EPSS 0.00167
Exploits 0 | References 4