home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Neueste VersionenFixList
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Haben Sie Probleme? - Kontaktieren Sie uns.
Kostenlos registrieren anmeldung-x26
Kontaktformular kontakt-x26

DB2 - Problembeschreibung

Problem IC97737 Status: Geschlossen

SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN
DATABASE. (CVE-2013-6717)

Produkt:
DB2 FOR LUW / DB2FORLUW / A10 - DB2
Problembeschreibung:
Executing a query with an OLAP specification may cause the DB2 
server to shutdown the database and terminate all connections to 
the database however the DB2 instance does not shutdown. 
 
 The stack includes this function: 
 
sqlsInitKeyfd__FP8sqeAgentP12SQLS_SORTDEFP10SQLD_FIELDP10SQLS_KE 
YFDP11SQLD_COLUMNPii + 0xA40 
 
db2diag would report the following: 
 
 2013-05-29-14.25.18.182300+600 I10400222A1217     LEVEL: Severe 
PID     : 12976130             TID  : 50892       PROC : db2sysc 
0 
INSTANCE: db2inst1             NODE : 000         DB   : ABCABC 
APPHDL  : 0-411                APPID: 
164.97.57.31.1431.130529042502 
AUTHID  : db2inst1 
EDUID   : 50892                EDUNAME: db2agent (ABCABC) 0 
FUNCTION: DB2 UDB, sort/list services, sqlsInitKeyfd, probe:35 
MESSAGE : ZRC=0x8704002F=-2029780945=SQLD_PARM "PARAMETER ERROR" 
          DIA8544C An invalid data type was encountered, the 
value was "". 
DATA #1 : String, 29 bytes 
Unknown keypart type in sort. 
DATA #2 : SQLS_SORTKEYDEF, PD_TYPE_SQLS_SORTKEYDEF, 24 bytes 
 
SQLS_SORTKEYDEF: Address:700000010addf68, Size:x18, Size:24 
   x0000        collation                     NULL 
   x0008        keyPartID                     0 
   x000A        sortkdefFlags                 x0000 
   x000C        sortkdefIntFlags              x0000 
   x000E        codepage                      0 
   x0012        keyPart 
      SQLD_FIELD: Address:700000010addf7a, Size:x6, Size:6 
         x0000  type                          BOOLEAN 
         x0002  length                        1 
         x0004  nullable                      x2 
                  - SQLZ_NONULLS
Problem-Zusammenfassung:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 systems on all Linux, Unix and Windows platforms at  * 
* service levels Version 10.1 GA  through to Version 10.1 Fix  * 
* Pack 3.                                                      * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description                                        * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* See security bulletin:                                       * 
* http://www.ibm.com/support/docview.wss?uid=swg21660041       * 
****************************************************************
Local-Fix:
N/A
verfügbare FixPacks:
DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 6 for Linux, UNIX, and Windows

Lösung
Security Bulletin: Executing a query with an OLAP specification 
causes the DB2 server to terminate database connections. 
(CVE-2013-6717) 
http://www.ibm.com/support/docview.wss?uid=swg21660041
Workaround
keiner bekannt / siehe Local-Fix
Weitere Daten
Datum - Problem gemeldet    :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
18.11.2013
03.06.2014
06.06.2014
Problem behoben ab folgender Versionen (IBM BugInfos)
Problem behoben lt. FixList in der Version
10.1.0.4 FixList