VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3734
db2: The Install component in IBM DB2 UDB 9.5 before FP6...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3734

Original

The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-10-05
Source Information Category:
Advisory, Alert
Last Updated:
2010-10-05




Affected Product Tags
cpe:/a:ibm:db2:9.5
cpe:/a:ibm:db2:9.5:fp1
cpe:/a:ibm:db2:9.5:fp2
cpe:/a:ibm:db2:9.5:fp2a
cpe:/a:ibm:db2:9.5:fp3
cpe:/a:ibm:db2:9.5:fp3a
cpe:/a:ibm:db2:9.5:fp3b
cpe:/a:ibm:db2:9.5:fp4
cpe:/a:ibm:db2:9.5:fp4a
cpe:/a:ibm:db2:9.5:fp5
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
AIXAPAR IC62856




CONFIRM ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.