Severity Rating: HIGH
Software Affected
IBM Db2 version 9.7
IBM Db2 version 10.1
IBM Db2 version 10.5
IBM Db2 version 11.1
IBM Db2 version 11.5
Overview
Multiple vulnerabilities have been reported in IBM DB2which could allow an
attacker to gain elevated privileges or cause denial of service conditions
on the targeted system.
Description
1. Buffer Overflow Vulnerabilities ( CVE-2020-4204 CVE-2020-4363 )
These vulnerability exists in IBM DB2 due to improper bounds checking. A
local attacker could exploit this vulnerability to execute arbitrary code
with root privileges.
Successful exploitation of this vulnerability could allow the attacker to
gain privileges on the target system.
2. Denial of Service Vulnerability ( CVE-2020-4420 )
This vulnerability exists in IBM DB2 due to improper handling of certain
commands. A local attacker could exploit this vulnerability due to hang in
the execution of a terminate command.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions resulting in the DB2 to stop working.
3. Information Disclosure Vulnerability ( CVE-2020-4387 CVE-2020-4386 )
This vulnerability exists in IBM DB2 due to a symbolic link. A local
attacker could exploit this vulnerability by using race condition of a
symbolic link.
Successful exploitation of this vulnerability could allow the attacker to
obtain sensitive information on the target system.
4. Denial of Service Vulnerability ( CVE-2020-4355 )
This vulnerability exists in IBM DB2 due to improper handling of Secure
Sockets Layer (SSL) renegotiation requests. A remote attacker could exploit
this vulnerability by executing specially crafted DB2 commands and increase
the resource usage on the system.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions resulting in the DB2 to stop working.
5. Information Disclosure and Denial of Service Vulnerability (
CVE-2020-4414 )
This vulnerability exists in IBM DB2 due to improper usage of shared
memory. A remote attacker could exploit this vulnerability by executing
specially crafted request and perform unauthorized actions on the system.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service condition and obtain sensitive information.
Solution
Apply appropriate updates mentioned in the IBM Security Bulletin
Vendor Information
IBM
References
IBM
CVE Name
CVE-2020-4204
CVE-2020-4363
CVE-2020-4420
CVE-2020-4387
CVE-2020-4386
CVE-2020-4355
CVE-2020-4414
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.