IBM Support

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in DB2, which Guardium ships

Security Bulletin


Summary

IBM Security Guardium has fixed these vulnerabilities

Vulnerability Details

CVEID:   CVE-2008-4692
DESCRIPTION:   An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46021 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2007-2582
DESCRIPTION:   An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector.
CVSS Base score: 7
CVSS Vector:

CVEID:   CVE-2007-3676
DESCRIPTION:   The IBM DB2 Administration Server (DAS) server could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in db2dassrm. By sending a specially-crafted request to TCP port 523, a remote attacker could crash the service or execute arbitrary code with elevated privileges.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/40230 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID:   CVE-2007-5090
DESCRIPTION:   IBM Rational ClearQuest has an unspecified vulnerability which could allow a local attacker to manipulate data. An attacker could exploit this vulnerability to possibly launch further attacks on the vulnerable system.
CVSS Base score: 1.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/36771 for the current score.
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2007-5652
DESCRIPTION:   IBM DB2 is vulnerable to a denial of service caused by unspecified memory corruption errors in UDB authentication list handling. An attacker could exploit this vulnerability through unknown attack vectors to crash the authentication routine.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/37290 for the current score.
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:P/A:P)

CVEID:   CVE-2008-3958
DESCRIPTION:   IBM DB2 UDB is vulnerable to a denial of service, caused by an unspecified error when processing requests. By sending a specially-crafted CONNECT and ATTACH request that simulates a v7 client connect/attach request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/45133 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:   CVE-2008-3959
DESCRIPTION:   IBM DB2 UDB is vulnerable to a denial of service, caused by an unspecified error when processing requests. By sending a specially-crafted CONNECT and ATTACH request that simulates a v7 client connect/attach request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/45134 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:   CVE-2008-4691
DESCRIPTION:   An unspecified error in IBM DB2 related to the SQLNLS_UNPADDEDCHARLEN() function can cause a segmentation fault, resulting in a denial of service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46019 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Security Guardium11.1

Remediation/Fixes

 ProductVersions Fix
IBM Security Guardium11.1http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Kamil Sarbinowski, Vince Dragnea, Troy Fisher and Elaheh Samani from IBM X-Force Ethical Hacking Team.

Change History

16 Oct 2020: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"11.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
19 October 2020

Initial Publish date:
16 October 2020

UID

ibm16349177