DB2 - Problem description
Problem IC66099 | Status: Closed |
Security: Special group and user enumeration on Windows 2008 could trap the server. | |
Product: | |
DB2 FOR LUW / DB2FORLUW / 910 - DB2 | |
Problem description: | |
Special group and user enumeration operation on the DB2 server or DB2 Administrator Server (DAS) could trap when running on Windows 2008. The group and user enumeration affected is not part of the normal connect or database authorization checking processing. The vulnerability requires a valid database connection to exploit. | |
Problem summary: | |
USERS AFFECTED: All on Windows 2008
PROBLEM DESCRIPTION: Special group and user enumeration operation on the DB2 server or DB2 Administrator Server (DAS) could trap when running on Windows 2008. The group and user enumeration affected is not part of the normal connect or database authorization checking processing. The vulnerability requires a valid database connection to exploit.
RECOMMENDATION: Do not grant connection privilege to PUBLIC. Grant connect to trusted users, roles or groups, only. | |
Local-Fix: | |
Do not grant connection privilege to PUBLIC. Grant connect to trusted users, roles or groups, only. | |
Available Fix Packs: | |
DB2 Version 9.1 Fix Pack 10 for Linux, UNIX and Windows | |
Solution | |
Fixed in v9.1 Fixpack 9 | |
Workaround | |
None known / see Local-Fix | |
Bug tracking | |
Predecessor: APAR is sysrouted TO one or more of the following: IC66642 IC66643 Successor: | |
Additional data | |
Date problem reported: | 04.02.2010 |
Date problem closed: | 30.08.2010 |
Date of last change: | 30.08.2010 |
Problem fixed as of the following versions (IBM BugInfos) | |
9.1.FP9 | |
Problem fixed according to the FixList in version | |
9.1.0.9 |