home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Neueste VersionenFixList
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Haben Sie Probleme? - Kontaktieren Sie uns.
Kostenlos registrieren anmeldung-x26
Kontaktformular kontakt-x26

DB2 - Problembeschreibung

Problem IC84019 Status: Geschlossen

SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY
(CVE-2012-2194).

Produkt:
DB2 FOR LUW / DB2FORLUW / 910 - DB2
Problembeschreibung:
The stored procedure SQLJ.DB2_INSTALL_JAR contains a 
vulnerability which could be exploited to replace JAR files at 
the DB2 server.
Problem-Zusammenfassung:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 systems on Windows platforms at service levels from  * 
* Version 9.1 GA through to Version 9.1 Fix Pack 11.           * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Security Bulletin:  IBM DB2 Security Vulnerability in    * 
* SQLJ.DB2_INSTALL_JAR (CVE-2012-2194):                        * 
* http://www.ibm.com/support/docview.wss?uid=swg21607622       * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to DB2 Version 9.1 Fix Pack 12 or see "Local Fix"    * 
* portion for other suggestions.                               * 
****************************************************************
Local-Fix:
Revoke EXECUTE privilege on SQLJ.DB2_INSTALL_JAR from PUBLIC.
Lösung
The complete fix for this problem first appears in DB2 Version 
9.1 Fix Pack 12 and all the subsequent Fix Packs.
Workaround
keiner bekannt / siehe Local-Fix
Bug-Verfolgung
Vorgänger  : APAR is sysrouted TO one or more of the following: IC84711 IC84714 IC84715 IC84716 
Nachfolger : 
Weitere Daten
Datum - Problem gemeldet    :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
07.06.2012
17.07.2012
21.08.2012
Problem behoben ab folgender Versionen (IBM BugInfos)
9.1.FP12
Problem behoben lt. FixList in der Version
9.1.0.12 FixList