DB2 - Problem Description
Problem IC79970 | Status: Closed |
SECURITY: DB2 ESCALATION OF PRIVILEGE VULNERABILITY (CVE-2011-4061) | |
Product: | |
DB2 FOR LUW / DB2FORLUW / 950 - DB2 | |
Problem description: | |
DB2 Server products bundle IBM Tivoli Monitoring Agent (ITMA) which is intended for users of Optim Database Administrator. Use of the Monitoring Agent for DB2 is specifically restricted to supplying monitoring information to the Optim Database Administrator Health and Availability monitoring feature only. There is a vulnerability in ITMA which a local user can exploit to gain escalated privilege. This vulnerability does not exist on DB2 for Windows. | |
Problem summary: | |
USERS AFFECTED: All DB2 systems on all Linux, Unix and Windows platforms at service levels from Version 9.5 GA through to Version 9.5 Fix Pack 8.
PROBLEM DESCRIPTION: See Error Description.
RECOMMENDATION: Upgrade to DB2 Version 9.5 Fix Pack 9 or see "Local Fix" portion for other suggestions. | |
Local-Fix: | |
DB2 installs ITMA by default. However, ITMA is not required unless you are using Optim Database Administrator to monitor DB2. If you are not using ITMA for this purpose, you can uninstall it to mitigate the vulnerability. Refer to the following links for the uninstall information: V9.7: http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=/com.ibm.db2.luw.qb.server.doc/doc/t0054822.html V9.5: http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/index.jsp?topic=/com.ibm.db2.luw.qb.server.doc/doc/t0054822.html | |
Available Fix Packs: | |
DB2 Version 9.5 Fix Pack 9 for Linux, UNIX, and Windows | |
Solution | |
The complete fix for this problem first appears in DB2 Version 9.5 Fix Pack 9 and all the subsequent Fix Packs. | |
Workaround | |
None known / see Local-Fix | |
Bug tracking | |
Predecessor: APAR is sysrouted TO one or more of the following: IC84175 Successor: | |
Further data | |
Date problem reported: 23.11.2011 | Date problem closed: 05.03.2012 | Date last modified: 11.06.2012 |
Problem fixed as of the following versions (IBM BugInfos) | |
9.5.FP9 | |
Problem fixed according to FixList in version | |
9.5.0.9 |