home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Neueste VersionenFixList
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Haben Sie Probleme? - Kontaktieren Sie uns.
Kostenlos registrieren anmeldung-x26
Kontaktformular kontakt-x26

DB2 - Problembeschreibung

Problem IC84751 Status: Geschlossen

SECURITY: GET_WRAP_CFG_C AND GET_WRAP_CFG_C2 ALLOWS UNAUTHORIZED ACCESS XML
FILES (CVE-2012-2196).

Produkt:
DB2 FOR LUW / DB2FORLUW / A10 - DB2
Problembeschreibung:
The stored procedure GET_WRAP_CFG_C and GET_WRAP_CFG_C2 could be 
exploited to read any XML file 
owned by the DB2 fenced ID.  On Windows, the DB2 fenced ID is an 
administrator.
Problem-Zusammenfassung:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 systems on all Linux, Unix and Windows platforms at  * 
* service level Version V10.1 GA.                              * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Security Bulletin: XML File Disclosure Vulnerability in  * 
* IBM DB2 GET_WRAP_CFG_C and GET_WRAP_CFG_C2 (CVE-2012-2196):  * 
* http://www-01.ibm.com/support/docview.wss?uid=swg21607618    * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to DB2 Version 10.1 Fix Pack 1 or see "Local Fix"    * 
* portion for other suggestions.                               * 
****************************************************************
Local-Fix:
The two stored procedures are used by Control Center.  If 
Control Center is not being used then revoke EXECUTE privilege 
on the stored procedures from PUBLIC: 
 
REVOKE EXECUTE ON PROCEDURE SYSPROC.GET_WRAP_CFG_C FROM PUBLIC 
RESTRICT 
REVOKE EXECUTE ON PROCEDURE SYSPROC.GET_WRAP_CFG_C2 FROM PUBLIC 
RESTRICT
verfügbare FixPacks:
DB2 Version 10.1 Fix Pack 1 for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 2 for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 3 for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 3a for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 6 for Linux, UNIX, and Windows
Lösung
The complete fix for this problem first appears in DB2 Version 
10.1 Fix Pack 1 and all the subsequent Fix Packs.
Workaround
keiner bekannt / siehe Local-Fix
Weitere Daten
Datum - Problem gemeldet    :
Datum - Problem geschlossen :
Datum - der letzten Änderung:

19.06.2012
24.09.2012
24.09.2012
Problem behoben ab folgender Versionen (IBM BugInfos)


Problem behoben lt. FixList in der Version


10.1.0.1

FixList



10.5.0.1

FixList