IBM DB2 Windows shared memory vulnerabilities

Date Discovered: 2005. január 5.
Date Published: 2005. március 5.
Last Updated: 2005. március 5.

The information below provides details about this vulnerability.

Threat Assessment

Overall Risk: Medium
Impact: Medium
Popularity: Medium
Simplicity: Low

Vulnerability Description

Vulnerability ID: 32196
Discovered By: NGSSoftware
Exploitable Locally: Yes
Exploitable Remotely: No
Impact: Attackers can gain sensitive information or cause a denial of service condition.
Root Cause: Software Vulnerability

IBM DB2 on Windows contains vulnerabilities that can allow an attacker to gain sensitive information or cause a denial of service condition. The vulnerabilities are due to insecure permissions on shared memory. An attacker can gain passwords, read query results, and Shutdown or crash the service.

Recommendations

32196 - Technical Recommendation
Upgrade with the latest fixpack from the vendor as of 1/5/2005.

DB2 8.1:

http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html

Affected Technologies

IBM: DB2 8.1 for Windows

References

Source : Computer Associates International
www.ca.com