Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.6
CVE Id CVE-2009-1905
Last Modified 01 Oct 2009 01:22:42
Published 03 Jun 2009 05:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2009-1905

Summary

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

Vulnerable Systems

Application

  • IBM DB2 8.0

  • IBM DB2 9.1

  • IBM DB2 9.5


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21386689

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21318189

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21293566

AIXAPAR - JR32273

AIXAPAR - JR32272

AIXAPAR - JR32268

CONFIRM - ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

XF - ibmdb2-ldap-security-bypass(50909)

BID - 36540

BID - 35171

SECTRACK - 1022319

SECUNIA - 35235

SECUNIA - 31787


Last Updated: 27 May 2016 10:50:42