home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Neueste VersionenFixList
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Haben Sie Probleme? - Kontaktieren Sie uns.
Kostenlos registrieren anmeldung-x26
Kontaktformular kontakt-x26

DB2 - Problembeschreibung

Problem IC66099 Status: Geschlossen

Security: Special group and user enumeration on Windows 2008 could trap
the server.

Produkt:
DB2 FOR LUW / DB2FORLUW / 910 - DB2
Problembeschreibung:
Special group and user enumeration operation on the DB2 server 
or DB2 Administrator Server (DAS) could trap when running on 
Windows 2008. 
 
The group and user enumeration affected is not part of the 
normal connect or database authorization checking processing. 
The vulnerability requires a valid database connection to 
exploit.
Problem-Zusammenfassung:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All on Windows 2008                                          * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* Special group and user enumeration operation on the DB2      * 
* server or DB2 Administrator Server (DAS) could trap when     * 
* running on Windows 2008. The group and user enumeration      * 
* affected is not part of the normal connect or database       * 
* authorization checking processing. The vulnerability         * 
* requires a valid database connection to exploit.             * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Do not grant connection privilege to PUBLIC.  Grant connect  * 
* to trusted users, roles or groups, only.                     * 
****************************************************************
Local-Fix:
Do not grant connection privilege to PUBLIC.  Grant connect to 
trusted users, roles or groups, only.
verfügbare FixPacks:
DB2 Version 9.1 Fix Pack 10  for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 11  for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 12  for Linux, UNIX and Windows

Lösung
Fixed in v9.1 Fixpack 9
Workaround
keiner bekannt / siehe Local-Fix
Bug-Verfolgung
Vorgänger  : APAR is sysrouted TO one or more of the following: IC66642 IC66643 
Nachfolger : 
Weitere Daten
Datum - Problem gemeldet    :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
04.02.2010
30.08.2010
30.08.2010
Problem behoben ab folgender Versionen (IBM BugInfos)
9.1.FP9
Problem behoben lt. FixList in der Version
9.1.0.9 FixList