|
Problem IT08668
|
Status: Geschlossen |
SECURITY: DB2 LUW CONTAINS A VULNERABILITY IN SCALAR FUNCTION TH AT MAY CAUSE DB2 SERVER TO TERMINATE ABNORMALLY (CVE-2015-1935) |
| Produkt: |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 |
| Problembeschreibung: |
IBM DB2 LUW contains a denial of service vulnerability. A
remote, authenticated DB2 user could exploit this vulnerability
by executing a specially-crafted SQL statement with the
vulnerable scalar functions. This could result in a DB2 server
crash or allow attackers to execute arbitrary code as the DB2
instance owner. |
| Problem-Zusammenfassung: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 9.7 GA through to Version 9.7 Fix *
* Pack 10. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 9.7 Fix Pack11. *
* Refer to security bulletin for remediation: *
* http://www-01.ibm.com/support/docview.wss?uid=swg21902661 *
**************************************************************** |
| Local-Fix: |
|
| Lösung |
The complete fix for this problem first appears in DB2 Version
9.7 Fix Pack 11 and all the subsequent Fix Packs. |
| Workaround |
keiner bekannt / siehe Local-Fix |
| Weitere Daten |
Datum - Problem gemeldet :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
| 01.05.2015
08.10.2015
08.10.2015 |
| Problem behoben ab folgender Versionen (IBM BugInfos) |
9.7.,
9.7.FP11
|
| Problem behoben lt. FixList in der Version |
| 9.7.0.11
|
 |
