DB2 - Problembeschreibung
Problem IC97737 | Status: Geschlossen |
SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN DATABASE. (CVE-2013-6717) | |
Produkt: | |
DB2 FOR LUW / DB2FORLUW / A10 - DB2 | |
Problembeschreibung: | |
Executing a query with an OLAP specification may cause the DB2 server to shutdown the database and terminate all connections to the database however the DB2 instance does not shutdown. The stack includes this function: sqlsInitKeyfd__FP8sqeAgentP12SQLS_SORTDEFP10SQLD_FIELDP10SQLS_KE YFDP11SQLD_COLUMNPii + 0xA40 db2diag would report the following: 2013-05-29-14.25.18.182300+600 I10400222A1217 LEVEL: Severe PID : 12976130 TID : 50892 PROC : db2sysc 0 INSTANCE: db2inst1 NODE : 000 DB : ABCABC APPHDL : 0-411 APPID: 164.97.57.31.1431.130529042502 AUTHID : db2inst1 EDUID : 50892 EDUNAME: db2agent (ABCABC) 0 FUNCTION: DB2 UDB, sort/list services, sqlsInitKeyfd, probe:35 MESSAGE : ZRC=0x8704002F=-2029780945=SQLD_PARM "PARAMETER ERROR" DIA8544C An invalid data type was encountered, the value was "". DATA #1 : String, 29 bytes Unknown keypart type in sort. DATA #2 : SQLS_SORTKEYDEF, PD_TYPE_SQLS_SORTKEYDEF, 24 bytes SQLS_SORTKEYDEF: Address:700000010addf68, Size:x18, Size:24 x0000 collation NULL x0008 keyPartID 0 x000A sortkdefFlags x0000 x000C sortkdefIntFlags x0000 x000E codepage 0 x0012 keyPart SQLD_FIELD: Address:700000010addf7a, Size:x6, Size:6 x0000 type BOOLEAN x0002 length 1 x0004 nullable x2 - SQLZ_NONULLS | |
Problem-Zusammenfassung: | |
**************************************************************** * USERS AFFECTED: * * All DB2 systems on all Linux, Unix and Windows platforms at * * service levels Version 10.1 GA through to Version 10.1 Fix * * Pack 3. * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * See security bulletin: * * http://www.ibm.com/support/docview.wss?uid=swg21660041 * **************************************************************** | |
Local-Fix: | |
N/A | |
verfügbare FixPacks: | |
DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows | |
Lösung | |
Security Bulletin: Executing a query with an OLAP specification causes the DB2 server to terminate database connections. (CVE-2013-6717) http://www.ibm.com/support/docview.wss?uid=swg21660041 | |
Workaround | |
keiner bekannt / siehe Local-Fix | |
Weitere Daten | |
Datum - Problem gemeldet : Datum - Problem geschlossen : Datum - der letzten Änderung: | 18.11.2013 03.06.2014 06.06.2014 |
Problem behoben ab folgender Versionen (IBM BugInfos) | |
Problem behoben lt. FixList in der Version | |
10.1.0.4 |