The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM DB2 LUW

computer vulnerability announce CVE-2015-5370 CVE-2016-0128 CVE-2016-2110

Windows, Samba: code execution via Badlock

Synthesis of the vulnerability

An attacker can use the Badlock vulnerability of Windows or Samba, in order to run code.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, DB2 UDB, QRadar SIEM, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Data ONTAP, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 23/03/2016.
Revision date: 12/04/2016.
Identifiers: 1986595, 1987766, 3148527, 9010080, bulletinjan2016, bulletinoct2016, c05162399, CVE-2015-5370, CVE-2016-0128, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, DLA-509-1, DSA-3548-1, DSA-3548-2, DSA-3548-3, FEDORA-2016-48b3761baa, FEDORA-2016-be53260726, HPSBUX03616, MS16-047, NTAP-20160412-0001, openSUSE-SU-2016:1025-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2016:0611-01, RHSA-2016:0612-01, RHSA-2016:0613-01, RHSA-2016:0618-01, RHSA-2016:0619-01, RHSA-2016:0620-01, RHSA-2016:0621-01, RHSA-2016:0623-01, RHSA-2016:0624-01, RHSA-2016:0625-01, SA122, SA40196, SOL37603172, SOL53313971, SSA:2016-106-02, SSRT110128, SUSE-SU-2016:1022-1, SUSE-SU-2016:1023-1, SUSE-SU-2016:1024-1, SUSE-SU-2016:1028-1, SUSE-SU-2016:1105-1, USN-2950-1, USN-2950-2, USN-2950-3, USN-2950-4, USN-2950-5, VIGILANCE-VUL-19207, VU#813296.

Description of the vulnerability

The Windows and Samba products implement authentication for CIFS.

However, several vulnerabilities in these implementations can be used by a Man-in-the-Middle, or to weaken the protocol.

An attacker can therefore use the Badlock vulnerability of Windows or Samba, in order to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2015-7560 CVE-2016-0771

Samba: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, HP-UX, DB2 UDB, openSUSE, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition, denial of service on service.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 08/03/2016.
Identifiers: 1986595, c05121842, CERTFR-2016-AVI-084, CVE-2015-7560, CVE-2016-0771, DSA-3514-1, FEDORA-2016-cad77a4576, FEDORA-2016-ed1587f6ba, HPSBUX03596, openSUSE-SU-2016:0813-1, openSUSE-SU-2016:0877-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2016:0448-01, RHSA-2016:0449-01, SSA:2016-068-02, SUSE-SU-2016:0814-1, SUSE-SU-2016:0816-1, SUSE-SU-2016:0837-1, SUSE-SU-2016:0905-1, USN-2922-1, VIGILANCE-VUL-19118.

Description of the vulnerability

Several vulnerabilities were announced in Samba.

An attacker can create a symbolic link, in order to alter ACLs. [severity:2/4; CVE-2015-7560]

An attacker can force a read at an invalid address with a DNS TXT record sent to the internal DNS server in AC DC mode, in order to trigger a denial of service. [severity:2/4; CVE-2016-0771]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2016-0729

Apache Xerces-C: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of Apache Xerces-C, in order to trigger a denial of service, and possibly to run code.
Impacted products: Xerces-C++, Debian, Fedora, DB2 UDB, Notes, openSUSE, openSUSE Leap, Oracle Communications, RHEL, Shibboleth SP.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 25/02/2016.
Identifiers: 1610582, 1983969, 1984073, 1987066, 1990410, 2002647, cpuapr2017, cpuoct2018, CVE-2016-0729, DSA-3493-1, FEDORA-2016-0a061f6dd9, FEDORA-2016-7615febbd6, FEDORA-2016-87e8468465, FEDORA-2016-880b91c090, FEDORA-2016-ae9ac16cf3, openSUSE-SU-2016:0966-1, openSUSE-SU-2016:1121-1, RHSA-2016:0430-01, VIGILANCE-VUL-19033.

Description of the vulnerability

The Apache Xerces-C product analyzes XML data.

However, if the size of data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow of Apache Xerces-C, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2015-4974 CVE-2015-4981 CVE-2015-7403

IBM DB2: three vulnerabilities of General Parallel File System

Synthesis of the vulnerability

An attacker can use several vulnerabilities of General Parallel File System of IBM DB2.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: administrator access/rights, data reading, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 22/02/2016.
Identifiers: 1610582, 1972152, CVE-2015-4974, CVE-2015-4981, CVE-2015-7403, VIGILANCE-VUL-19001.

Description of the vulnerability

Several vulnerabilities were announced in IBM DB2.

An attacker can use a vulnerability, in order to run code with root privileges. [severity:2/4; CVE-2015-4974]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-4981]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:1/4; CVE-2015-7403]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2016-0201

IBM GSKit: information disclosure via MD5 collisions

Synthesis of the vulnerability

An attacker can use a vulnerability in GSKit of IBM, in order to obtain sensitive information.
Impacted products: DB2 UDB, Informix Server, Tivoli Storage Manager, WebSphere MQ.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 19/01/2016.
Revision date: 22/01/2016.
Identifiers: 1610582, 1974466, 1974785, 1975839, CVE-2016-0201, VIGILANCE-VUL-18756.

Description of the vulnerability

Several IBM products use the GSKit component.

However, an attacker can trigger a MD5 collision to access to data.

An attacker can therefore use a vulnerability in GSKit of IBM, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2015-7575

Mozilla NSS, OpenSSL, Oracle Java: MD5 allowed in TLS 1.2

Synthesis of the vulnerability

An attacker can create a MD5 collision in a TLS 1.2 session of Mozilla NSS, OpenSSL or Oracle Java, in order to capture data belonging to this session.
Impacted products: Blue Coat CAS, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Fedora, AIX, DB2 UDB, Domino, Notes, QRadar SIEM, SPSS Modeler, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, JAXP, Firefox, NSS, Thunderbird, SnapManager, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 28/12/2015.
Revision date: 08/01/2016.
Identifiers: 000008896, 1974958, 1975290, 1975424, 1976113, 1976148, 1976200, 1976262, 1976362, 1976363, 1977405, 1977517, 1977518, 1977523, 9010065, cpujan2016, cpuoct2017, CVE-2015-7575, DSA-3436-1, DSA-3457-1, DSA-3465-1, DSA-3491-1, DSA-3688-1, FEDORA-2016-4aeba0f53d, MFSA-2015-150, NTAP-20160225-0001, NTAP20160225-001, openSUSE-SU-2015:2405-1, openSUSE-SU-2016:0007-1, openSUSE-SU-2016:0161-1, openSUSE-SU-2016:0162-1, openSUSE-SU-2016:0263-1, openSUSE-SU-2016:0268-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0272-1, openSUSE-SU-2016:0279-1, openSUSE-SU-2016:0307-1, openSUSE-SU-2016:0308-1, openSUSE-SU-2016:0488-1, RHSA-2016:0007-01, RHSA-2016:0008-01, RHSA-2016:0049-01, RHSA-2016:0050-01, RHSA-2016:0053-01, RHSA-2016:0054-01, RHSA-2016:0055-01, RHSA-2016:0056-01, RHSA-2016:0098-01, RHSA-2016:0099-01, RHSA-2016:0100-01, RHSA-2016:0101-01, SA108, SLOTH, SUSE-SU-2016:0256-1, SUSE-SU-2016:0265-1, SUSE-SU-2016:0269-1, SUSE-SU-2016:0390-1, SUSE-SU-2016:0399-1, SUSE-SU-2016:0401-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, USN-2863-1, USN-2864-1, USN-2866-1, USN-2884-1, USN-2904-1, VIGILANCE-VUL-18586.

Description of the vulnerability

The Mozilla NSS, OpenSSL and Oracle Java products implement TLS version 1.2.

The MD5 hashing algorithm is weak. However, it is accepted in signatures of TLS 1.2 ServerKeyExchange messages.

An attacker can therefore create a MD5 collision in a TLS 1.2 session of Mozilla NSS, OpenSSL or Oracle Java, in order to capture data belonging to this session.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2014-6209 CVE-2014-6210 CVE-2014-8901

IBM DB2 9.7: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM DB2 9.7.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 31/12/2015.
Identifiers: 1450666, CVE-2014-6209, CVE-2014-6210, CVE-2014-8901, CVE-2014-8910, CVE-2015-0157, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935, IT04138, IT04786, IT05647, IT05652, IT05933, IT05939, IT06354, IT07108, IT08080, IT08525, IT08543, VIGILANCE-VUL-18623.

Description of the vulnerability

Several vulnerabilities were announced in IBM DB2 9.7.

An attacker can use several ALTER TABLE statements, in order to trigger a denial of service. [severity:1/4; CVE-2014-6210, IT04138, IT05652]

An attacker can use an ALTER TABLE on an Identity Column, in order to trigger a denial of service. [severity:1/4; CVE-2014-6209, IT04786, IT05647]

An attacker can use XML data, in order to trigger a denial of service. [severity:1/4; CVE-2014-8901, IT05933, IT05939]

An attacker can transmit malicious XML data, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4; CVE-2014-8910, IT06354]

An attacker can trigger a fatal error in SCALAR FUNCTIONS, in order to trigger a denial of service. [severity:2/4; CVE-2015-0157, IT07108]

An attacker can bypass security features in AUTOMATED MAINTENANCE, in order to obtain sensitive information. [severity:2/4; CVE-2015-1883, IT08080]

An attacker can delete a table, in order to trigger a denial of service. [severity:2/4; CVE-2015-1922, IT08525]

An attacker can trigger a fatal error in SCALAR FUNCTION, in order to trigger a denial of service. [severity:1/4; CVE-2015-1935, IT08543]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2015-1947

IBM DB2: privilege escalation via Binaries Build

Synthesis of the vulnerability

Impacted products: DB2 UDB, Tivoli Storage Manager.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 31/12/2015.
Identifiers: 1610582, 1647054, 1970376, 1979698, CVE-2015-1947, IT08753, VIGILANCE-VUL-18622.

Description of the vulnerability

A local attacker can use IBM DB2, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2014-8910 CVE-2015-0157 CVE-2015-0197

IBM DB2 10.5: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM DB2 10.5.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 31/12/2015.
Identifiers: 1647054, CVE-2014-8910, CVE-2015-0157, CVE-2015-0197, CVE-2015-0198, CVE-2015-0199, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935, IT06354, IT07108, IT08080, IT08112, IT08525, IT08543, VIGILANCE-VUL-18621.

Description of the vulnerability

Several vulnerabilities were announced in IBM DB2 10.5.

An attacker can transmit malicious XML data, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4; CVE-2014-8910, IT06354]

An attacker can trigger a fatal error in SCALAR FUNCTIONS, in order to trigger a denial of service. [severity:2/4; CVE-2015-0157, IT07108]

An attacker can bypass security features in AUTOMATED MAINTENANCE, in order to obtain sensitive information. [severity:2/4; CVE-2015-1883, IT08080]

An unknown vulnerability was announced in GPFS. [severity:2/4; CVE-2015-0197, IT08112]

An unknown vulnerability was announced in GPFS. [severity:2/4; CVE-2015-0198, IT08112]

An unknown vulnerability was announced in GPFS. [severity:2/4; CVE-2015-0199, IT08112]

An attacker can delete a table, in order to trigger a denial of service. [severity:2/4; CVE-2015-1922, IT08525]

An attacker can trigger a fatal error in SCALAR FUNCTION, in order to trigger a denial of service. [severity:1/4; CVE-2015-1935, IT08543]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2015-4852 CVE-2015-6420 CVE-2015-6934

Apache Commons Collections: code execution via InvokerTransformer

Synthesis of the vulnerability

An attacker can send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.
Impacted products: CAS Server, Blue Coat CAS, SGOS by Blue Coat, Brocade Network Advisor, Brocade vTM, ASA, AsyncOS, Cisco ESA, Cisco Prime Access Registrar, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco MeetingPlace, Cisco Unity ~ precise, Debian, BIG-IP Hardware, TMOS, HPE BSM, HPE NNMi, HP Operations, DB2 UDB, Domino, Notes, IRAD, QRadar SIEM, SPSS Modeler, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, JBoss AS OpenSource, Junos Space, ePO, Mule ESB, Snap Creator Framework, SnapManager, NetIQ Sentinel, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Unix (platform) ~ not comprehensive, vCenter Server.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 12/11/2015.
Identifiers: 1610582, 1970575, 1971370, 1971531, 1971533, 1971751, 1972261, 1972373, 1972565, 1972794, 1972839, 2011281, 7014463, 7022958, 9010052, BSA-2016-004, bulletinjul2016, c04953244, c05050545, c05206507, c05325823, c05327447, CERTFR-2015-AVI-484, CERTFR-2015-AVI-555, cisco-sa-20151209-java-deserialization, COLLECTIONS-580, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CVE-2015-4852, CVE-2015-6420, CVE-2015-6934, CVE-2015-7420-ERROR, CVE-2015-7450, CVE-2015-7501, CVE-2015-8545, CVE-2015-8765, CVE-2016-1985, CVE-2016-1997, CVE-2016-4373, CVE-2016-4398, DSA-3403-1, HPSBGN03542, HPSBGN03560, HPSBGN03630, HPSBGN03656, HPSBGN03670, JSA10838, NTAP-20151123-0001, RHSA-2015:2500-01, RHSA-2015:2501-01, RHSA-2015:2502-01, RHSA-2015:2516-01, RHSA-2015:2517-01, RHSA-2015:2521-01, RHSA-2015:2522-01, RHSA-2015:2523-01, RHSA-2015:2524-01, RHSA-2015:2534-01, RHSA-2015:2535-01, RHSA-2015:2536-01, RHSA-2015:2537-01, RHSA-2015:2538-01, RHSA-2015:2539-01, RHSA-2015:2540-01, RHSA-2015:2541-01, RHSA-2015:2542-01, RHSA-2015:2547-01, RHSA-2015:2548-01, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2015:2578-01, RHSA-2015:2579-01, RHSA-2015:2670-01, RHSA-2015:2671-01, RHSA-2016:0040-01, RHSA-2016:0118-01, SA110, SB10144, SOL30518307, VIGILANCE-VUL-18294, VMSA-2015-0009, VMSA-2015-0009.1, VMSA-2015-0009.2, VMSA-2015-0009.3, VMSA-2015-0009.4, VU#576313.

Description of the vulnerability

The Apache Commons Collections library is used by several Java applications.

A Java Gadgets ("gadget chains") object can contain Transformers, with an "exec" string containing a shell command which is run with the Java.lang.Runtime.exec() method. When raw data are unserialized, the readObject() method is thus called to rebuild the Gadgets object, and it uses InvokerTransformer, which runs the indicated shell command.

It can be noted that other classes (CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure) also execute a shell command from raw data to deserialize.

However, several applications publicly expose (before authentication) the Java unserialization feature.

An attacker can therefore send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IBM DB2 LUW: