DB2 - Problembeschreibung
Problem IC69986 | Status: Geschlossen |
SECURITY: REMOTE BUFFER OVERFLOW VULNERABILITY IN DB2 ADMINISTRATIVE SERVER | |
Produkt: | |
DB2 FOR LUW / DB2FORLUW / 910 - DB2 | |
Problembeschreibung: | |
There exists a buffer overflow vulnerability with the DB2 Administrative Server (DAS). The vulnerability can cause a trap in DAS, causing a denial of service, or can lead to an escalation of privileges. This vulnerability does not affect the DB2 server. This problem was reported to IBM by an anonymous researcher working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) | |
Problem-Zusammenfassung: | |
**************************************************************** * USERS AFFECTED: * * Users of the DB2 Administrative Server. * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description. * **************************************************************** * RECOMMENDATION: * * Upgrade to DB2 Version 9.1 Fix Pack 10 or do not start DAS * * if DAS is not needed. * **************************************************************** | |
Local-Fix: | |
If you are not using DAS, ensure that DAS is not started. | |
verfügbare FixPacks: | |
DB2 Version 9.1 Fix Pack 11 for Linux, UNIX and Windows | |
Lösung | |
The problem was first fixed in DB2 Version 9.1 Fix Pack 10. | |
Workaround | |
See Local Fix. | |
Bug-Verfolgung | |
Vorgänger : APAR is sysrouted TO one or more of the following: IC70538 IC70539 IC71979 Nachfolger : | |
Weitere Daten | |
Datum - Problem gemeldet : Datum - Problem geschlossen : Datum - der letzten Änderung: | 16.07.2010 27.01.2011 27.01.2011 |
Problem behoben ab folgender Versionen (IBM BugInfos) | |
9.1.FP10 | |
Problem behoben lt. FixList in der Version | |
9.1.0.10 |