Vigil@nce - IBM DB2 9.7: eight vulnerabilities
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of IBM DB2 9.7.
Impacted products: DB2 UDB.
Severity: 2/4.
Creation date: 31/12/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in IBM DB2 9.7.
An attacker can use several ALTER TABLE statements, in order to
trigger a denial of service. [severity:1/4; CVE-2014-6210,
IT04138, IT05652]
An attacker can use an ALTER TABLE on an Identity Column, in order
to trigger a denial of service. [severity:1/4; CVE-2014-6209,
IT04786, IT05647]
An attacker can use XML data, in order to trigger a denial of
service. [severity:1/4; CVE-2014-8901, IT05933, IT05939]
An attacker can transmit malicious XML data, in order to read a
file, scan sites, or trigger a denial of service. [severity:2/4;
CVE-2014-8910, IT06354]
An attacker can trigger a fatal error in SCALAR FUNCTIONS, in
order to trigger a denial of service. [severity:2/4;
CVE-2015-0157, IT07108]
An attacker can bypass security features in AUTOMATED MAINTENANCE,
in order to obtain sensitive information. [severity:2/4;
CVE-2015-1883, IT08080]
An attacker can delete a table, in order to trigger a denial of
service. [severity:2/4; CVE-2015-1922, IT08525]
An attacker can trigger a fatal error in SCALAR FUNCTION, in order
to trigger a denial of service. [severity:1/4; CVE-2015-1935,
IT08543]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/IBM-DB2-9-7-eight-vulnerabilities-18623