Vigil@nce - IBM DB2 9.8: four vulnerabilities
June 2012 by Marc Jacob
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit four vulnerabilities in IBM DB2 to
cause a denial of service or to elevate his privileges.
Severity: 2/4
Creation date: 04/06/2012
Revision date: 13/06/2012
IMPACTED PRODUCTS
– IBM DB2 UDB
DESCRIPTION OF THE VULNERABILITY
Four vulnerabilities were announced in IBM DB2.
An attacker can use a SQL query to read XML files. [severity:2/4;
CVE-2012-0713, IC81461, IC81462, IC81839, swg21592556]
An attacker can send a DRDA (Distributed Relational Database
Architecture) query, in order to create a denial of service.
[severity:1/4; CVE-2012-2180, IC82234, IC82367, swg21597090]
An attacker can create a denial of service via XML data.
[severity:2/4; CVE-2012-0712, IC81379, IC81380, IC81837]
An attacker can access tables. [severity:2/4; 1588100,
CVE-2012-0709, IC81387, IC81390, IC81836]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-DB2-9-8-four-vulnerabilities-11674