CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2
2014-06-14T00:00:00
ID SECURITYVULNS:DOC:30813 Type securityvulns Reporter Securityvulns Modified 2014-06-14T00:00:00
Description
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation
Via Insecure RPATH In IBM DB2
CVE: CVE-2014-0907
Vendor: IBM
Product: DB2
Affected version: V9.1, V9.5, V9.7, V10.1 and V10.5
Fixed version: V9.7 FP9a, V10.1 FP3a, V10.1 FP4 and V10.5 FP3a
Reported by: Tim Brown
Details:
It has been identified that binaries that are executed with elevated
privileges (SetGID and SetUID programs) in IBM’s DB2 for AIX, Linux, HP
and Solaris have been compiled in manner that means they searched for
libraries in insecure locations.
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
{"id": "SECURITYVULNS:DOC:30813", "bulletinFamily": "software", "title": "CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2", "description": "\r\n\r\nVulnerability title: SetUID/SetGID Programs Allow Privilege Escalation\r\nVia Insecure RPATH In IBM DB2\r\nCVE: CVE-2014-0907\r\nVendor: IBM\r\nProduct: DB2\r\nAffected version: V9.1, V9.5, V9.7, V10.1 and V10.5\r\nFixed version: V9.7 FP9a, V10.1 FP3a, V10.1 FP4 and V10.5 FP3a\r\nReported by: Tim Brown\r\n\r\nDetails:\r\n\r\nIt has been identified that binaries that are executed with elevated\r\nprivileges (SetGID and SetUID programs) in IBM\u2019s DB2 for AIX, Linux, HP\r\nand Solaris have been compiled in manner that means they searched for\r\nlibraries in insecure locations.\r\n\r\nSUIDFILE='/db2/db2gpe/sqllib/acs/acscim' SUIDFILELS='-rwsr-x--- 1 root\r\ndbgpeadm 43848124 04 Oct 2012 /db2/db2gpe/sqllib/acs/acscim'\r\nRPATH='../../common/unx/supincl/pegcim251/lib' RPATHRELATIVE=yes\r\nRPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\nSUIDFILE='/db2/db2gpe/sqllib/acs/acsnnas' SUIDFILELS='-rwsr-x--- 1 root\r\ndbgpeadm 43399984 04 Oct 2012 /db2/db2gpe/sqllib/acs/acsnnas'\r\nRPATH='../../common/unx/supincl/ontapsdk16/lib/aix' RPATHRELATIVE=yes\r\nRPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\nSUIDFILE='/db2/db2gpe/sqllib/acs/acsnsan' SUIDFILELS='-rwsr-x--- 1 root\r\ndbgpeadm 46767866 04 Oct 2012 /db2/db2gpe/sqllib/acs/acsnsan'\r\nRPATH='../../common/unx/supincl/ontapsdk16/lib/aix' RPATHRELATIVE=yes\r\nRPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\nSUIDFILE='/db2/db2gpe/sqllib/adm/db2iclean' SUIDFILELS='-r-sr-x--- 1\r\nroot dbgpeadm 23157 25 May 2013 /db2/db2gpe/sqllib/adm/db2iclean'\r\nRPATH='.' RPATHRELATIVE=yes RPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\nSUIDFILE='/db2/db2gpp/sqllib/acs/acscim' SUIDFILELS='-rwsr-x--- 1 root\r\ndbgppadm 43848124 04 Oct 2012 /db2/db2gpp/sqllib/acs/acscim'\r\nRPATH='../../common/unx/supincl/pegcim251/lib' RPATHRELATIVE=yes\r\nRPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\nSUIDFILE='/db2/db2gpp/sqllib/acs/acsnnas' SUIDFILELS='-rwsr-x--- 1 root\r\ndbgppadm 43399984 04 Oct 2012 /db2/db2gpp/sqllib/acs/acsnnas'\r\nRPATH='../../common/unx/supincl/ontapsdk16/lib/aix' RPATHRELATIVE=yes\r\nRPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\nSUIDFILE='/db2/db2gpp/sqllib/acs/acsnsan' SUIDFILELS='-rwsr-x--- 1 root\r\ndbgppadm 46767866 04 Oct 2012 /db2/db2gpp/sqllib/acs/acsnsan'\r\nRPATH='../../common/unx/supincl/ontapsdk16/lib/aix' RPATHRELATIVE=yes\r\nRPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\nSUIDFILE='/db2/db2gpp/sqllib/adm/db2iclean' SUIDFILELS='-r-sr-x--- 1\r\nroot dbgppadm 23157 25 May 2013 /db2/db2gpp/sqllib/adm/db2iclean'\r\nRPATH='.' RPATHRELATIVE=yes RPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\nSUIDFILE='/hpadmin/swrepo/sqllib/adm/db2iclean' SUIDFILELS='-r-sr-x--- 1\r\nroot 226 23157 06 May 2013 /hpadmin/swrepo/sqllib/adm/db2iclean'\r\nRPATH='.' RPATHRELATIVE=yes RPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes\r\n\r\n\r\nFurther details at:\r\nhttps://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/\r\n\r\n\r\nCopyright:\r\nCopyright (c) Portcullis Computer Security Limited 2014, All rights\r\nreserved worldwide. Permission is hereby granted for the electronic\r\nredistribution of this information. It is not to be edited or altered in\r\nany way without the express written consent of Portcullis Computer\r\nSecurity Limited.\r\n\r\nDisclaimer:\r\nThe information herein contained may change without notice. Use of this\r\ninformation constitutes acceptance for use in an AS IS condition. There\r\nare NO warranties, implied or otherwise, with regard to this information\r\nor its use. Any use of this information is at the user's risk. In no\r\nevent shall the author/distributor (Portcullis Computer Security\r\nLimited) be held liable for any damages whatsoever arising out of or in\r\nconnection with the use or spread of this information.\r\n\r\n", "published": "2014-06-14T00:00:00", "modified": "2014-06-14T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30813", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-0907"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:52", "edition": 1, "viewCount": 10, "enchantments": {"score": {"value": 6.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0907"]}, {"type": "ibm", "idList": ["318BC9213F23ECCD98EE7602F8425446E3D4D9089BB1CABF4DC41B16B6262BD7", "6409D11592778E472D2FE4090FFEBA4D7AB856F354EC9A27FF2D5987116A47BF", "791211378A4868FC8C29620ED89A5A3FA5B0DD5D00FD125509099AE90485A970", "E980EB3E616F30BEE7500468A0CDC1FD26CC411E226CD7D1DC05674F0FB41F81"]}, {"type": "nessus", "idList": ["DB2_101FP3A.NASL", "DB2_105FP3A.NASL", "DB2_95FP9_MULTI_VULN.NASL", "DB2_97FP9A.NASL", "DB2_98FP5_MULTI_VULN.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812265"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13832"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-0907"]}, {"type": "ibm", "idList": ["791211378A4868FC8C29620ED89A5A3FA5B0DD5D00FD125509099AE90485A970"]}, {"type": "nessus", "idList": ["DB2_105FP3A.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812265"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13832"]}]}, "exploitation": null, "vulnersScore": 6.7}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"securityvulns": [{"lastseen": "2018-08-31T11:09:56", "description": "Insecure dynamic libraries loading.", "edition": 1, "cvss3": {}, "published": "2014-06-14T00:00:00", "title": "IBM DB2 privilege escalation", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0907"], "modified": "2014-06-14T00:00:00", "id": "SECURITYVULNS:VULN:13832", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13832", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ibm": [{"lastseen": "2022-04-04T23:29:58", "description": "## Summary\n\nIBM Systems Director, IBM Tivoli Monitoring are shipped as components of IBM System Director Editions. Information about the security vulnerability affecting these components has been published in the security bulletin.\n\n## Vulnerability Details\n\n## Abstract\n\nIBM Systems Director, IBM Tivoli Monitoring are shipped as components of IBM System Director Editions. Information about the security vulnerability affecting these components has been published in the security bulletin.\n\n## Content\n\n**Vulnerability Details:**\n\nPlease consult the security bulletins listed below for the vulnerability details of the affected products.\n\n## \nAffected products and versions\n\nAffected Product and Version(s) | Product and Version shipped as a component | Security Bulletin \n---|---|--- \nIBM System Director Editions 6.2.0.0 | IBM Tivoli Monitoring 6.2.2.02 base FP2 | <http://www-01.ibm.com/support/docview.wss?uid=swg21670854> \nIBM System Director Editions 6.2.1.0 | IBM Tivoli Monitoring 6.2.2 | <http://www-01.ibm.com/support/docview.wss?uid=swg21670854> \nIBM System Director Editions 6.3.0.0 | IBM Tivoli Monitoring 6.2.3 | <http://www-01.ibm.com/support/docview.wss?uid=swg21670854> \nIBM Systems Director 6.3.3.0 | [http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095484](<864648>) \nIBM System Director Editions 6.3.2.0 | IBM Tivoli Monitoring 6.2.3 | <http://www-01.ibm.com/support/docview.wss?uid=swg21670854> \nIBM Systems Director 6.3.2.0 | [http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095484](<864648>) \n \n## \n\n## Related Information:\n\n * [IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>)\n * [IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement** \nNone\n\n**Change History** \n08 August 2014: Original Copy Published \n\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.\n\nNote: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOn \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n## Operating System\n\nSystem Management software:All operating systems listed\n\n[{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"SGZ2Z3\",\"label\":\"IBM Systems Director\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}},{\"Type\":\"HW\",\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"SUNSET\",\"label\":\"PRODUCT REMOVED\"},\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {}, "published": "2019-01-31T01:25:01", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in IBM Systems Director, IBM Tivoli Monitoring shipped with IBM System Director Editions. (CVE-2014-0907)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0907"], "modified": "2019-01-31T01:25:01", "id": "BF61E3329E15EC086192B5AB819C2B770DE044304891B95C6A21851AD78AA169", "href": "https://www.ibm.com/support/pages/node/865178", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nPrivilege escalation vulnerability in IBM Tivoli Monitoring (ITM) agents could be exploited by a local user to gain elevated privilege of another user.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0907_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0907>) \nCVSS Base Score: 6.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nMonitoring Agent for UNIX OS version 6.3.0 through 6.3.0 Fix Pack 01 \nMonitoring Agent for UNIX OS version 6.2.3 through 6.2.3 Fix Pack 05 \nMonitoring Agent for UNIX OS version 6.2.2 through 6.2.2 Fix Pack 09 \nMonitoring Agent for UNIX OS version 6.2.1 through 6.2.1 Fix Pack 04 \nMonitoring Agent for UNIX OS version 6.2.0 through 6.2.0 Fix Pack 03 \n \nUniversal Agent version 6.2.3 through 6.2.3 Fix Pack 01 \nUniversal Agent version 6.2.2 through 6.2.2 Fix Pack 09 \nUniversal Agent version 6.2.1 through 6.2.1 Fix Pack 04 \nUniversal Agent version 6.2.0 through 6.2.0 Fix Pack 03 \n\n## Remediation/Fixes\n\n \nThe following fixes are for the Monitoring Agent for UNIX OS: \n\n**_Fix_**| **_VRMF_**| **_How to acquire fix_** \n---|---|--- \n6.3.0-TIV-ITM-FP0002| 6.3.0| [**__http://www.ibm.com/support/docview.wss?uid=swg2__****__4035402__**](<http://www-01.ibm.com/support/docview.wss?uid=swg24035402>) \n6.2.3.5-TIV-ITM_UNIX-IF0001| 6.2.3| [**__http://www.ibm.com/support/docview.wss?uid=swg24037447__**](<http://www-01.ibm.com/support/docview.wss?uid=swg24037447>) \n6.2.2.9-TIV-ITM_UNIX-IF0006| 6.2.2| [**__http://www.ibm.com/support/docview.wss?uid=swg24037446__**](<http://www-01.ibm.com/support/docview.wss?uid=swg24037446>) \nFor versions 6.20 and 6.21, contact IBM Support. \n \n \nThe following fixes are for the Universal Agent: **_Fix_**| **_VRMF_**| **_How to acquire fix_** \n---|---|--- \nN/A| 6.3.0| Does not ship in 6.3.0. \n6.2.3-TIV-ITM-FP0002| 6.2.3| [**__http://www.ibm.com/support/docview.wss?uid=swg24032429__**](<http://www-01.ibm.com/support/docview.wss?uid=swg24032429>) \n6.2.2-TIV-ITM-FP0009-IV56858| 6.2.2| [**__http://www.ibm.com/support/docview.wss?uid=swg2__****__4037389__**](<http://www.ibm.com/support/docview.wss?uid=swg24037389>) \nFor versions 6.20 and 6.21, contact IBM Support. \n\n## Workarounds and Mitigations\n\nContact IBM Support for options.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nThis vulnerability was reported by Tim Brown from Portcullis Computer Security Ltd.\n\n## Change History\n\n31 July 2014 Original Copy Published. \n \n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. \n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nAdvisory 1569 \nIBM20140313-1006-08 \nDB Record 34371 \n\n[{\"Product\":{\"code\":\"SSTFXA\",\"label\":\"Tivoli Monitoring\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"6.2.0;6.2.1;6.2.2;6.2.3;6.3.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}] \n\n## Product Synonym\n\nITM", "cvss3": {}, "published": "2018-06-17T15:21:45", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Tivoli Monitoring agents with potential for privilege escalation (CVE-2014-0907)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0907"], "modified": "2018-06-17T15:21:45", "id": "E980EB3E616F30BEE7500468A0CDC1FD26CC411E226CD7D1DC05674F0FB41F81", "href": "https://www.ibm.com/support/pages/node/507569", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nA vulnerability in IBM DB2 for Linux, Unix and Windows could allow a local user to gain elevated privilege.\n\n## Vulnerability Details\n\n[**_CVE ID: CVE-2014-0907_**](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0907>) \n \n**DESCRIPTION:** \nThe IBM DB2 products listed below contain a security vulnerability which allows a malicious user to gain root privilege. This vulnerability can only be exploited by users through a local system account login. There are two DB2 components that are vulnerable out of which one does not affect a DB2 Client installation. One of the vulnerable component is Backup and Restore which exists at the DB2 server, only. The other vulnerable component is in DB2 install and exists at both the DB2 client and server. \n \n**CVSS:** \nCVSS Base Score: 6.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/91869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS String: (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nThe following IBM DB2 and DB2 Connect V9.5, V9.7, V10.1 and V10.5 editions running on AIX, Linux, HP and Solaris are vulnerable. DB2 V9.5 before FP9 is not vulnerable. DB2 running on Windows is not vulnerable. \n \nIBM DB2 Express Edition \nIBM DB2 Workgroup Server Edition \nIBM DB2 Enterprise Server Edition \nIBM DB2 Connect\u2122 Application Server Edition \nIBM DB2 Connect Application Server Advanced Edition \nIBM DB2 Connect Enterprise Edition \nIBM DB2 Connect Unlimited Edition for System i\u00ae \nIBM DB2 Connect Unlimited Edition for System z\u00ae \nIBM DB2 Connect Unlimited Advanced Edition for System z \nIBM DB2 10.1 pureScale Feature \nIBM DB2 10.5 Advanced Enterprise Server Edition \nIBM DB2 10.5 Advanced Workgroup Server Edition \nIBM DB2 10.5 Developer Edition for Linux, Unix and Windows \n \nThe following IBM V9.8 editions running on AIX and Linux: \n \nIBM\u00ae DB2\u00ae pureScale\u2122 Feature for Enterprise Server Edition \n \n \nThe IBM data server client and driver types are as follows: \n \nIBM Data Server Driver Package \nIBM Data Server Driver for ODBC and CLI \nIBM Data Server Runtime Client \nIBM Data Server Client\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the appropriate fix for this vulnerability. \n \n**FIX:** \nThe fix for this vulnerability for the DB2 server is available for download for DB2 and DB2 Connect release V10.1 FP4 from Fix Central. Releases V9.7 FP9, V10.1 FP3, and V10.5 FP3 has been updated with the fix and are available from Fix Central as V9.7 FP9a, V10.1 FP3a, and V10.5 FP3a, respectively. \n \nA special build with an interim patch for this issue may be requested for DB2 and DB2 Connect V9.5 FP9 & FP10, V9.7 FP8, V9.8 FP5 and V10.5 FP2. Please contact your service representative to request the special build and reference the APAR number for the release you want. Customers on fixpack levels lower than those listed above should update to a fixed fix pack level. \n \n\n\n \n**Release**| **APAR**| **Download URL** \n---|---|--- \nV9.5 | [_IT00627_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627>)| Please contact technical support. \nV9.7 FP9a| [_IT00684_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684>)| <http://www.ibm.com/support/docview.wss?uid=swg24037559> \nV9.8| [_IT00685_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685>)| Please contact technical support. \nV10.1 FP3a| [_IT00686_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686>)| <http://www.ibm.com/support/docview.wss?uid=swg24037557> \nV10.1 FP4| [_IT00686_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686>)| <http://www.ibm.com/support/docview.wss?uid=swg24037466> \nV10.5 FP3a| [_IT00687_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687>)| <http://www.ibm.com/support/docview.wss?uid=swg24037555> \n \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [_contacts for other countries_](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [_open a Service Request_](<http://www.ibm.com/software/data/db2/support/db2_9/probsub.html>) with DB2 Technical Support.\n\n**_Note:_**_ IBM\u2019s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM\u2019s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion._\n\n## Workarounds and Mitigations\n\nThe following remediation instructions will remove the vulnerability without side-effects. The user executing the commands must be root and the instructions must be repeated for each DB2 instance and in the DB2 install directory. \n\nThe following example will use /home/db2inst1/sqllib as the DB2 instance install directory. You should replace the sample directory with your DB2 instance install directory. Repeat the procedure with the DB2 install directory which is under /opt/ibm/db2/<db2_release_name> or /opt/IBM/db2/<db2_release_name>, depending on the platform. \n\nThe following will fix the install component that exists at the DB2 client and server.\n\n \ncd /home/db2inst1/sqllib \nbin/db2chglibpath -s '\\\\.:' -r '' adm/db2iclean \n\n\nThe following is required if you have enabled \"DB2 Advanced Copy Services (ACS)\" and does not affect the DB2 client. ACS is vulnerable in DB2 V9.5 and V9.7 but not in V9.8, V10.1 and V10.5. We would recommend you execute the remediation instructions regardless if ACS is enabled for V9.5 and V9.7. You will get the following harmless error if ACS was not enabled: \"db2chglibpath: Unable to open (read-mode) file: 'acs/XXXXX': error: 2(No such file or directory)\" .\n\ncd /home/db2inst1/sqllib\n\n \nbin/db2chglibpath -s '\\\\.\\\\./\\\\.\\\\.' -r '/opt' acs/acscim \nbin/db2chglibpath -s '\\\\.\\\\./\\\\.\\\\.' -r '/opt' acs/acsnsan \nbin/db2chglibpath -s '\\\\.\\\\./\\\\.\\\\.' -r '/opt' acs/acsnnas \n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nTim Brown from Portcullis Computer Security Ltd.\n\n## Change History\n\nMay 26, 2014: Original version published \nJune 10, 2014: Correction: V9.1 is not vulnerable. \nJune 16, 2014: Updated to indicate DB2 Client installs are affected. \nJune 20, 2014: Updated to indicate workaround needs to be applied to DB2 install directory as well. \nJune 25, 2014: DB2 V9.5 before FP9 is not vulnerable. \nSept 30, 2014: Client packages have been updated with fix. \nOctober 27, 2014: Updated \"Workaround and Migiations\"\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nPSIRT 34367. Advisory 1569\n\n[{\"Product\":{\"code\":\"SSEPGG\",\"label\":\"Db2 for Linux, UNIX and Windows\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security \\/ Plug-Ins - Security Vulnerability\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"9.8;9.7;9.5;10.1;10.5\",\"Edition\":\"Advanced Enterprise Server;Advanced Workgroup Server;Enterprise Server;Express;Express-C;Personal;Workgroup Server\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}},{\"Product\":{\"code\":\"SSEPDU\",\"label\":\"Db2 Connect\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":null,\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"9.7;9.5;10.1;10.5\",\"Edition\":\"Application Server;Enterprise Server;Personal;Unlimited for System i;Unlimited for System z\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {}, "published": "2018-06-16T13:05:55", "type": "ibm", "title": "Security Bulletin: Local escalation of privilege vulnerability in IBM\u00ae DB2\u00ae (CVE-2014-0907).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0907"], "modified": "2018-06-16T13:05:55", "id": "6409D11592778E472D2FE4090FFEBA4D7AB856F354EC9A27FF2D5987116A47BF", "href": "https://www.ibm.com/support/pages/node/508961", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-22T07:34:26", "description": "## Summary\n\nIBM DB2 is shipped as a component of WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin.\n\n## Vulnerability Details\n\nFor vulnerability details, see the [_Local escalation of privilege vulnerability in IBM DB2 (CVE-2014-0907)_](<http://www.ibm.com/support/docview.wss?uid=swg21672100>) document.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nWebSphere Remote Server version 6.1, 6.2, 6.2.1, 7.0, 7.1, 7.1.1, 7.1.2, 8.5 | IBM DB2 Workgroup Server Edition \n9.1, 9.5, 9.7, 10.1 \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSUNCX\",\"label\":\"WebSphere Remote Server\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"8.5;7.1.2;7.1.1;7.1;7.0;6.2.1;6.2;6.1\",\"Edition\":\"Edition Independent\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2018-06-15T07:00:33", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with WebSphere Remote Server (CVE-2014-0907)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0907"], "modified": "2018-06-15T07:00:33", "id": "791211378A4868FC8C29620ED89A5A3FA5B0DD5D00FD125509099AE90485A970", "href": "https://www.ibm.com/support/pages/node/512185", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-22T07:36:03", "description": "## Summary\n\nIBM DB2 is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and SmartCloud Control Desk, Intelligent Building Management, or TRIRIGA for Energy Optimization. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Local escalation of privilege vulnerability in IBM\u00ae DB2\u00ae (CVE-2014-0907)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21672100>) for vulnerability details.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nMaximo Asset Management, Maximo Industry Solutions, Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database 7.1 and 7.2| DB2 Enterprise Server Edition 9.1 and \nDB2 Enterprise Server Edition 9.5 \nMaximo Asset Management, Maximo Industry Solutions, and SmartCloud Control Desk 7.5| DB2 Enterprise Server Edition 9.7 and \nDB2 Enterprise Server Edition 10.5 \nIntelligent Building Management 1.1 and TRIRIGA for Energy Optimization 1.1| DB2 Enterprise Server Edition 9.7 \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n29 May 2014: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSLKT6\",\"label\":\"IBM Maximo Asset Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"7.1;7.1.1;7.1.2;7.2;7.2.1;7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSWK4A\",\"label\":\"Maximo Asset Management Essentials\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSLKTY\",\"label\":\"Maximo Asset Management for IT\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSKTXT\",\"label\":\"Tivoli Change and Configuration Management Database\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SS6HJK\",\"label\":\"Tivoli Service Request Manager\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSWT9A\",\"label\":\"IBM Control Desk\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSWDVU\",\"label\":\"IBM TRIRIGA Energy Optimization\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {}, "published": "2018-06-17T14:41:41", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM\u00ae DB2\u00ae shipped with Asset and Service Management (CVE-2014-0907)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0907"], "modified": "2018-06-17T14:41:41", "id": "318BC9213F23ECCD98EE7602F8425446E3D4D9089BB1CABF4DC41B16B6262BD7", "href": "https://www.ibm.com/support/pages/node/511745", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-04-21T16:52:07", "description": "IBM Db2 is prone to a privilege escalation vulnerability.", "cvss3": {}, "published": "2017-12-15T00:00:00", "type": "openvas", "title": "IBM Db2 Privilege Escalation Vulnerability Dec17", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0907"], "modified": "2020-04-17T00:00:00", "id": "OPENVAS:1361412562310812265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812265", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# IBM Db2 Privilege Escalation Vulnerability Dec17\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ibm:db2\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812265\");\n script_version(\"2020-04-17T03:30:22+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-17 03:30:22 +0000 (Fri, 17 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-15 15:44:32 +0530 (Fri, 15 Dec 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2014-0907\");\n script_bugtraq_id(67617);\n\n script_name(\"IBM Db2 Privilege Escalation Vulnerability Dec17\");\n\n script_tag(name:\"summary\", value:\"IBM Db2 is prone to a privilege escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to multiple untrusted search path vulnerabilities in\n unspecified setuid and setgid programs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow local attackers to gain root privileges.\");\n\n script_tag(name:\"affected\", value:\"IBM Db2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3.\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate fix from reference link\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21672100\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"gb_ibm_db2_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ibm/db2/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version_in_range(version: version, test_version: \"10.5.0\", test_version2: \"10.5.0.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"10.5.0.3\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"10.1.0\", test_version2: \"10.1.0.3\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"10.1.0.4\");\n security_message(port: 0, data: report);;\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"9.7.0\", test_version2: \"9.7.0.9\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.7.0.9a\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version =~ \"^9\\.(5|8)\\.\") {\n report = report_fixed_ver(installed_version: version, fixed_version: \"Apply patch\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:13:47", "description": "Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.", "cvss3": {}, "published": "2014-05-30T23:55:00", "type": "cve", "title": "CVE-2014-0907", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0907"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:ibm:db2:9.7.0.4", "cpe:/a:ibm:db2:9.7.0.8", "cpe:/a:ibm:db2:9.7.0.3", "cpe:/a:ibm:db2:10.1.0.3", "cpe:/a:ibm:db2:10.5.0.2", "cpe:/a:ibm:db2:10.5.0.1", "cpe:/a:ibm:db2:10.1.0.2", "cpe:/a:ibm:db2:10.1.0.1", "cpe:/a:ibm:db2:9.7.0.6", "cpe:/a:ibm:db2:9.7", "cpe:/a:ibm:db2:9.7.0.7", "cpe:/a:ibm:db2:9.7.0.2", "cpe:/a:ibm:db2:9.5", "cpe:/a:ibm:db2:9.7.0.5", "cpe:/a:ibm:db2:10.1", "cpe:/a:ibm:db2:9.7.0.1", "cpe:/a:ibm:db2:9.7.0.9", "cpe:/a:ibm:db2:10.5"], "id": "CVE-2014-0907", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0907", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-04-16T14:06:17", "description": "According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities :\n\n - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747)\n\n - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907)\n\n - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "IBM DB2 10.5 < Fix Pack 3a Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6747", "CVE-2014-0907", "CVE-2014-0963"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_105FP3A.NASL", "href": "https://www.tenable.com/plugins/nessus/76111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76111);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-6747\", \"CVE-2014-0907\", \"CVE-2014-0963\");\n script_bugtraq_id(65156, 67238, 67617);\n\n script_name(english:\"IBM DB2 10.5 < Fix Pack 3a Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of IBM DB2 10.5 running on\nthe remote host is prior to Fix Pack 3a. It is, therefore, affected by\none or more of the following vulnerabilities :\n\n - An unspecified error exists related to handling\n malformed certificate chains that could allow denial\n of service attacks. (CVE-2013-6747)\n\n - A build error exists related to libraries in insecure\n locations that could allow a local user to carry out\n privilege escalation attacks. Note this issue does not\n affect the application when running on Microsoft\n Windows operating systems. (CVE-2014-0907)\n\n - An unspecified error exists related to the TLS\n implementation that could allow certain error cases to\n cause 100% CPU utilization. (CVE-2014-0963)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21672100\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21671732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg21647054\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037555\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply IBM DB2 version 10.5 Fix Pack 3a or later.\n\nAlternatively, in the case of DB2 Version 10.5 Fix Pack 2, contact the\nvendor to obtain a special build with the interim fix.\n\nNote that the vendor has posted a workaround for the build error issue\n(CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'.\nPlease consult the advisory for detailed instructions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0907\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\" + port + \"/Level\");\nif (level !~ \"^10\\.5\\.\") audit(AUDIT_NOT_LISTEN, \"DB2 10.5\", port);\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n fixed_level = '10.5.301.84';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n\n # In the case of 10.5 FP2 and a non-paranoid\n # scan, do not report as it's not clear that\n # a special build increases the build level\n if (level == '10.5.200.109' && report_paranoia < 2)\n exit(1, \"Nessus is unable to determine if the patch has been applied or not.\");\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '10.5.0.3';\n if (ver_compare(ver:level, fix:fixed_level) <= 0)\n vuln = TRUE;\n\n # If not paranoid and at 10.5.0.2/10.5.0.3 already,\n # do not report - we cannot tell if special build or\n # FP3a is there.\n if ((level == '10.5.0.2' || level == fixed_level) && report_paranoia < 2)\n exit(1, \"Nessus is unable to determine if the patch has been applied or not.\");\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n{\n fixed_level += ' (10.5 Fix Pack 3a)';\n report_db2(\n severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"DB2\", port, level);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:05:04", "description": "According to its version, the installation of IBM DB2 9.5 running on the remote host is prior or equal to Fix Pack 9 or 10. It is, therefore, reportedly affected by one or more of the following vulnerabilities :\n\n - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747)\n\n - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907)\n\n - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "IBM DB2 9.5 <= Fix Pack 9 or 10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6747", "CVE-2014-0907", "CVE-2014-0963"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_95FP9_MULTI_VULN.NASL", "href": "https://www.tenable.com/plugins/nessus/76113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76113);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-6747\", \"CVE-2014-0907\", \"CVE-2014-0963\");\n script_bugtraq_id(65156, 67238, 67617);\n\n script_name(english:\"IBM DB2 9.5 <= Fix Pack 9 or 10 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of IBM DB2 9.5 running on\nthe remote host is prior or equal to Fix Pack 9 or 10. It is,\ntherefore, reportedly affected by one or more of the following\nvulnerabilities :\n\n - An unspecified error exists related to handling\n malformed certificate chains that could allow denial\n of service attacks. (CVE-2013-6747)\n\n - A build error exists related to libraries in insecure\n locations that could allow a local user to carry out\n privilege escalation attacks. Note this issue does not\n affect the application when running on Microsoft\n Windows operating systems. (CVE-2014-0907)\n\n - An unspecified error exists related to the TLS\n implementation that could allow certain error cases to\n cause 100% CPU utilization. (CVE-2014-0963)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21672100\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21671732\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact the vendor to obtain a special build with the interim fix.\n\nNote that the vendor has posted a workaround for the build error issue\n(CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'.\nPlease consult the advisory for detailed instructions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0907\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\" + port + \"/Level\");\nif (level !~ \"^9\\.5\\.\") audit(AUDIT_NOT_LISTEN, \"DB2 9.5\", port);\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n # v9.5 <= 9.5 FP10\n fixed_level = '9.5.1000.163';\n if (ver_compare(ver:level, fix:fixed_level) <= 0)\n vuln = TRUE;\n\n # If not paranoid and at 9.5.900.456/9.5.1000.163 already,\n # do not report - we cannot tell if special fix build is there.\n if (\n (level == '9.5.900.456' || level == '9.5.1000.163')\n &&\n report_paranoia < 2\n )\n exit(1, \"Nessus is unable to determine if the patch has been applied or not.\");\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '9.5.0.10';\n if (ver_compare(ver:level, fix:fixed_level) <= 0)\n vuln = FALSE;\n\n # If not paranoid and at 9.5.0.9/9.5.0.10 already,\n # do not report - we cannot tell if FP9a is there.\n if (\n (level == '9.5.0.9' || level == '9.5.0.10')\n &&\n report_paranoia < 2\n )\n exit(1, \"Nessus is unable to determine if the patch has been applied or not.\");\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n{\n report_db2(\n severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"DB2\", port, level);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:05:04", "description": "According to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 9a. It is, therefore, affected by one or more of the following vulnerabilities :\n\n - An unspecified error exists related to handling malformed certificate chains that allows denial of service attacks. (CVE-2013-6747)\n\n - A build error exists related to libraries in insecure locations that allows a local user to carry out privilege escalation attacks. Note that this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907)\n\n - An unspecified error exists related to the TLS implementation that allows certain error cases to cause 100% CPU utilization. (CVE-2014-0963)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6744", "CVE-2013-6747", "CVE-2014-0907", "CVE-2014-0963"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_97FP9A.NASL", "href": "https://www.tenable.com/plugins/nessus/76114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76114);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-6744\",\n \"CVE-2013-6747\",\n \"CVE-2014-0907\",\n \"CVE-2014-0963\"\n );\n script_bugtraq_id(\n 65156,\n 67238,\n 67616,\n 67617\n );\n\n script_name(english:\"IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of DB2 9.7 running on the\nremote host is prior to Fix Pack 9a. It is, therefore, affected by one\nor more of the following vulnerabilities :\n\n - An unspecified error exists related to handling\n malformed certificate chains that allows denial\n of service attacks. (CVE-2013-6747)\n\n - A build error exists related to libraries in insecure\n locations that allows a local user to carry out\n privilege escalation attacks. Note that this issue does\n not affect the application when running on Microsoft\n Windows operating systems. (CVE-2014-0907)\n\n - An unspecified error exists related to the TLS\n implementation that allows certain error cases to cause\n 100% CPU utilization. (CVE-2014-0963)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21672100\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21671732\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21450666#9a\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037559\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply IBM DB2 version 9.7 Fix Pack 9a or later.\n\nAlternatively, in the case of DB2 Version 9.7 Fix Pack 8, contact the\nvendor to obtain a special build with the interim fix.\n\nNote that the vendor has posted a workaround for the build error issue\n(CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'.\nPlease consult the advisory for detailed instructions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6744\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\" + port + \"/Level\");\nif (level !~ \"^9\\.7\\.\") audit(AUDIT_NOT_LISTEN, \"DB2 9.7\", port);\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n fixed_level = '9.7.901.409';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n\n # In the case of a non-paranoid scan and FP8,\n # do not report.\n # It's not clear if the special build will\n # change the build level.\n if (level == '9.7.800.717' && report_paranoia < 2)\n exit(1, \"Nessus is unable to determine if the patch has been applied or not.\");\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '9.7.0.9';\n if (ver_compare(ver:level, fix:fixed_level) <= 0)\n vuln = TRUE;\n\n # If not paranoid and at 9.7.0.9/9.7.0.8 already,\n # do not report - we cannot tell if the special\n # build or FP9a is there.\n if ((level == fixed_level || level == '9.7.0.8') && report_paranoia < 2)\n exit(1, \"Nessus is unable to determine if the patch has been applied or not.\");\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n{\n report_db2(\n severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"DB2\", port, level);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:05:40", "description": "According to its version, the installation of IBM DB2 10.1 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities :\n\n - The included version of GSKit contains an error related to CBC-mode and timing that could allow an attacker to recover plaintext from encrypted communications. (CVE-2013-0169)\n\n - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747)\n\n - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907)\n\n - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0169", "CVE-2013-6747", "CVE-2014-0907", "CVE-2014-0963"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_101FP3A.NASL", "href": "https://www.tenable.com/plugins/nessus/76110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76110);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-0169\",\n \"CVE-2013-6747\",\n \"CVE-2014-0907\",\n \"CVE-2014-0963\"\n );\n script_bugtraq_id(\n 57778,\n 65156,\n 67238,\n 67617\n );\n\n script_name(english:\"IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of IBM DB2 10.1 running on\nthe remote host is prior to Fix Pack 3a. It is, therefore, affected by\none or more of the following vulnerabilities :\n\n - The included version of GSKit contains an error\n related to CBC-mode and timing that could allow an\n attacker to recover plaintext from encrypted\n communications. (CVE-2013-0169)\n\n - An unspecified error exists related to handling\n malformed certificate chains that could allow denial\n of service attacks. (CVE-2013-6747)\n\n - A build error exists related to libraries in insecure\n locations that could allow a local user to carry out\n privilege escalation attacks. Note this issue does not\n affect the application when running on Microsoft\n Windows operating systems. (CVE-2014-0907)\n\n - An unspecified error exists related to the TLS\n implementation that could allow certain error cases to\n cause 100% CPU utilization. (CVE-2014-0963)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21672100\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21671732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg21610582\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply IBM DB2 version 10.1 Fix Pack 3a or Fix Pack 4 or later.\n\nNote that the vendor has posted a workaround for the build error issue\n(CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'.\nPlease consult the advisory for detailed instructions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0907\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\" + port + \"/Level\");\nif (level !~ \"^10\\.1\\.\") audit(AUDIT_NOT_LISTEN, \"DB2 10.1\", port);\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n fixed_level = '10.1.301.770';\n if (ver_compare(ver:level, fix:fixed_level) == -1)\n vuln = TRUE;\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '10.1.0.3';\n if (ver_compare(ver:level, fix:fixed_level) <= 0)\n vuln = TRUE;\n\n # If not paranoid and at 10.1.0.3 already,\n # do not report - we cannot tell if FP3a is there.\n if (level == fixed_level && report_paranoia < 2)\n exit(1, \"Nessus is unable to determine if the patch has been applied or not.\");\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n{\n report_db2(\n severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"DB2\", port, level);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:05:04", "description": "According to its version, the installation of IBM DB2 running on the remote host is version 9.8 prior or equal to Fix Pack 5. It is, therefore, affected by one or more of the following vulnerabilities :\n\n - An unspecified error exists in the GSKit component when initiating SSL/TLS connections due to improper handling of malformed X.509 certificate chains. A remote attacker can exploit this to cause a denial of service.\n (CVE-2013-6747)\n\n - Untrusted search path vulnerabilities exist in unspecified setuid and setgid programs that allow a local attacker to gain root privileges by using a trojan horse library. (CVE-2014-0907)\n\n - An unspecified error exists in the reverse proxy GSKit component that allows a remote attacker to exhaust CPU resources by using crafted SSL messages, resulting in a denial of service. (CVE-2014-0963)\n\n - An unspecified error exists during the handling of SELECT statements with XML/XSLT functions that allows a remote attacker to gain access to arbitrary files.\n (CVE-2014-8910)\n\n - A flaw exists in the LUW component when handling SQL statements with unspecified Scaler functions. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2015-0157)\n\n - An unspecified flaw in the General Parallel File System (GPFS) allows a local attacker to gain root privileges.\n CVE-2015-0197)\n\n - A flaw exists in the General Parallel File System (GPFS), related to certain cipherList configurations, that allows a remote attacker, using specially crafted data, to bypass authentication and execute arbitrary programs with root privileges. (CVE-2015-0198)\n\n - A denial of service vulnerability exists in the General Parallel File System (GPFS) that allows a local attacker to corrupt the kernel memory by sending crafted ioctl character device calls to the mmfslinux kernel module.\n (CVE-2015-0199)\n\n - An information disclosure vulnerability exists in the automated maintenance feature. An attacker with elevated privileges, by manipulating a stored procedure, can exploit this issue to disclose arbitrary files owned by the DB2 fenced ID on UNIX/Linux or the administrator on Windows. (CVE-2015-1883)\n\n - A flaw exists in the Data Movement feature when handling specially crafted queries. An authenticated, remote attacker can exploit this to delete database rows from a table without having the appropriate privileges.\n (CVE-2015-1922)\n\n - A flaw exists when handling SQL statements having unspecified LUW Scaler functions. An authenticated, remote attacker can exploit this to run arbitrary code, under the privileges of the DB2 instance owner, or to cause a denial of service. (CVE-2015-1935)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "IBM DB2 9.8 <= Fix Pack 5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6747", "CVE-2014-0907", "CVE-2014-0963", "CVE-2014-8910", "CVE-2015-0157", "CVE-2015-0197", "CVE-2015-0198", "CVE-2015-0199", "CVE-2015-1883", "CVE-2015-1922", "CVE-2015-1935"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_98FP5_MULTI_VULN.NASL", "href": "https://www.tenable.com/plugins/nessus/76115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76115);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-6747\",\n \"CVE-2014-0907\",\n \"CVE-2014-0963\",\n \"CVE-2014-8910\",\n \"CVE-2015-0157\",\n \"CVE-2015-0197\",\n \"CVE-2015-0198\",\n \"CVE-2015-0199\",\n \"CVE-2015-1883\",\n \"CVE-2015-1922\",\n \"CVE-2015-1935\"\n );\n script_bugtraq_id(\n 65156,\n 67238,\n 67617,\n 73278,\n 73282,\n 73283,\n 75908,\n 75911\n );\n\n script_name(english:\"IBM DB2 9.8 <= Fix Pack 5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of IBM DB2 running on the\nremote host is version 9.8 prior or equal to Fix Pack 5. It is,\ntherefore, affected by one or more of the following vulnerabilities :\n\n - An unspecified error exists in the GSKit component when\n initiating SSL/TLS connections due to improper handling\n of malformed X.509 certificate chains. A remote attacker\n can exploit this to cause a denial of service.\n (CVE-2013-6747)\n\n - Untrusted search path vulnerabilities exist in\n unspecified setuid and setgid programs that allow a\n local attacker to gain root privileges by using a\n trojan horse library. (CVE-2014-0907)\n\n - An unspecified error exists in the reverse proxy GSKit\n component that allows a remote attacker to exhaust CPU\n resources by using crafted SSL messages, resulting in a\n denial of service. (CVE-2014-0963)\n\n - An unspecified error exists during the handling of\n SELECT statements with XML/XSLT functions that allows a\n remote attacker to gain access to arbitrary files.\n (CVE-2014-8910)\n\n - A flaw exists in the LUW component when handling SQL\n statements with unspecified Scaler functions. A remote,\n authenticated attacker can exploit this to cause a\n denial of service. (CVE-2015-0157)\n\n - An unspecified flaw in the General Parallel File System\n (GPFS) allows a local attacker to gain root privileges.\n CVE-2015-0197)\n\n - A flaw exists in the General Parallel File System\n (GPFS), related to certain cipherList configurations,\n that allows a remote attacker, using specially crafted\n data, to bypass authentication and execute arbitrary\n programs with root privileges. (CVE-2015-0198)\n\n - A denial of service vulnerability exists in the General\n Parallel File System (GPFS) that allows a local attacker\n to corrupt the kernel memory by sending crafted ioctl\n character device calls to the mmfslinux kernel module.\n (CVE-2015-0199)\n\n - An information disclosure vulnerability exists in the\n automated maintenance feature. An attacker with elevated\n privileges, by manipulating a stored procedure, can\n exploit this issue to disclose arbitrary files owned by\n the DB2 fenced ID on UNIX/Linux or the administrator on\n Windows. (CVE-2015-1883)\n\n - A flaw exists in the Data Movement feature when handling\n specially crafted queries. An authenticated, remote\n attacker can exploit this to delete database rows from a\n table without having the appropriate privileges.\n (CVE-2015-1922)\n\n - A flaw exists when handling SQL statements having\n unspecified LUW Scaler functions. An authenticated,\n remote attacker can exploit this to run arbitrary code,\n under the privileges of the DB2 instance owner, or to\n cause a denial of service. (CVE-2015-1935)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21672100\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21671732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21697987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21697988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21698308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21902662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21959650\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21902661\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact the vendor to obtain a special build with the interim fix.\n\nNote that the vendor has posted a workaround for the build error issue\n(CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'.\nPlease consult the advisory for detailed instructions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\" + port + \"/Level\");\nif (level !~ \"^9\\.8\\.\") audit(AUDIT_NOT_LISTEN, \"DB2 9.8\", port);\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\n\nvuln = FALSE;\n# Note : DB2 9.8x is not available for Windows\nif (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '9.8.0.5';\n if (ver_compare(ver:level, fix:fixed_level) <= 0)\n vuln = TRUE;\n\n # If not paranoid and at 9.8.0.5 already,\n # do not report - we cannot tell if a special build is in place.\n if (level == fixed_level && report_paranoia < 2)\n exit(1, \"Nessus is unable to determine if the patch has been applied or not.\");\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n{\n report_db2(\n severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"DB2\", port, level);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
