DB2 - Problembeschreibung
Problem IC80561 | Status: Geschlossen |
SECURITY: REMOTE ESCALATION OF PRIVILEGE VULNERABILITY IN DAS (CVE-2012-0711). | |
Produkt: | |
DB2 FOR LUW / DB2FORLUW / 910 - DB2 | |
Problembeschreibung: | |
There is a security vulnerability in the DB2 Administration Server (DAS) which would allow a malicious user to remotely exploit it to gain elevated privilege or to cause a denial of service. This vulnerability is not applicable to DAS running on the Windows platform. This problem was reported to IBM by axtaxt working with the iDefense Vulnerability Contributor Program (VCP). | |
Problem-Zusammenfassung: | |
**************************************************************** * USERS AFFECTED: * * All DB2 systems on all Linux, Unix and Windows platforms at * * service levels from Version 9.1 GA through to Version 9.1 * * Fix Pack 11. * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description. * **************************************************************** * RECOMMENDATION: * * Upgrade to DB2 Version 9.1 Fix Pack 12 or see "Local Fix" * * portion for other suggestions. * **************************************************************** | |
Local-Fix: | |
DB2 installs DAS by default. However, DAS is only required for using the Control Center tools or performing remote administration. If those features are not used then do not enable DAS. | |
Lösung | |
The complete fix for this problem first appears in DB2 Version 9.1 Fix Pack 12 and all the subsequent Fix Packs. | |
Workaround | |
keiner bekannt / siehe Local-Fix | |
Bug-Verfolgung | |
Vorgänger : APAR is sysrouted TO one or more of the following: IC80728 IC80729 Nachfolger : | |
Weitere Daten | |
Datum - Problem gemeldet : Datum - Problem geschlossen : Datum - der letzten Änderung: | 21.12.2011 17.07.2012 25.09.2012 |
Problem behoben ab folgender Versionen (IBM BugInfos) | |
9.1.FP12 | |
Problem behoben lt. FixList in der Version | |
9.1.0.12 |