Ibm Db2 vulnerabilities

CVE-2010-3474 [MEDIUM] CVE-2010-3474: IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions u IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.

CVE-2010-3475 [MEDIUM] CWE-264 CVE-2010-3475: IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.

CVE-2010-3193 [CRITICAL] CVE-2010-3193: Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.

CVE-2010-3194 [HIGH] CWE-264 CVE-2010-3194: The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers t The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.

CVE-2010-3195 [MEDIUM] CVE-2010-3195: Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows S Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."

CVE-2010-3197 [MEDIUM] CWE-264 CVE-2010-3197: IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative vi IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2010-3196 [LOW] CWE-264 CVE-2010-3196: IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a d IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.

CVE-2010-1560 [MEDIUM] CVE-2010-1560: Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users t Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.

CVE-2010-0472 [MEDIUM] CVE-2010-0472: kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attac kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.

CVE-2010-0462 [MEDIUM] CWE-119 CVE-2010-0462: Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remo Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.

CVE-2009-4439 [MEDIUM] CVE-2009-4439: Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 bef Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.

CVE-2009-4438 [MEDIUM] CWE-264 CVE-2009-4438: The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

CVE-2009-4335 [CRITICAL] CVE-2009-4335: Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits."

CVE-2009-4331 [HIGH] CWE-264 CVE-2009-4331: The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.

CVE-2009-4330 [HIGH] CVE-2009-4330: Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors.

CVE-2009-4333 [HIGH] CWE-200 CVE-2009-4333: The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the pass The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.

CVE-2009-4327 [MEDIUM] CWE-20 CVE-2009-4327: The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not prope The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.

CVE-2009-4334 [MEDIUM] CWE-264 CVE-2009-4334: The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 b The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.

CVE-2009-4329 [MEDIUM] CVE-2009-4329: Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.

CVE-2009-4332 [MEDIUM] CVE-2009-4332: db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows att db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.