home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Neueste VersionenFixList
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Haben Sie Probleme? - Kontaktieren Sie uns.
Kostenlos registrieren anmeldung-x26
Kontaktformular kontakt-x26

DB2 - Problembeschreibung

Problem IC99481 Status: Geschlossen

SECURITY: VULNERABILITY IN STORED PROCEDURE INFRASTRUCTURE CAN ALLOW
ESCALATION OF PRIVILEGE TO ADMINISTRATOR (CVE-2013-6744).

Produkt:
DB2 FOR LUW / DB2FORLUW / A50 - DB2
Problembeschreibung:
There is a security vulnerability in the Stored Procedure 
Infrastructure that will allow a malicious user to gain 
administrator privilege on the server.  This vulnerability is 
only applicable to DB2 on Windows. 
 
To exploit the vulnerability, the DB2 user will need to have 
CREATE_EXTERNAL_ROUTINE privilege which is by default not 
granted to PUBLIC. 
 
See security bulletin for details: 
http://www.ibm.com/support/docview.wss?uid=swg21673947
Problem-Zusammenfassung:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 Servers on Windows platforms at service levels from  * 
* Version 10.5 GA through to Version 10.5 Fix Pack 3.          * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description                                        * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to DB2 Version 10.5 Fix Pack 3a or see "Local Fix"   * 
* portion for other suggestions.                               * 
****************************************************************
Local-Fix:
Revoke CREATE_EXTERNAL_ROUTINE from all users and only grant the 
privilege to trusted users.
verfügbare FixPacks:
DB2 Version 10.5 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Cancun Release 10.5.0.4 (also known as Fix Pack 4) for Linux, UNIX, and Windows
DB2 Version 10.5 Fix Pack 9 for Linux, UNIX, and Windows

Lösung
The complete fix for this problem first appears in DB2 Version 
10.5 Fix Pack 3a and all the subsequent Fix Packs.
Workaround
keiner bekannt / siehe Local-Fix
Weitere Daten
Datum - Problem gemeldet    :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
19.02.2014
23.05.2014
23.05.2014
Problem behoben ab folgender Versionen (IBM BugInfos)
Problem behoben lt. FixList in der Version