DB2 FOR LUW / DB2FORLUW / 950 - DB2

The db2licm utility contains a security vulnerability .

**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 systems on all Linux, Unix and Windows platforms at  * 
* service levels from Version 9.5 GA through to Version 9.5    * 
* Fix Pack 4.                                                  * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description.                                       * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to DB2 Version 9.5 Fix Pack 5 or the latest          * 
* recommended fix pack,  or see the "Local Fix"                * 
* portion for other suggestions.                               * 
**************************************************************** 
 
Download DB2 Fix Packs by Version: 
http://www.ibm.com/support/docview.wss?rs=71&uid=swg27007053

The db2licm command is for managing DB2 licenses.  DB2 will not 
be affected if all execute privileges are removed from the 
db2licm command.  Restore execute privilege only when it 
becomes necessary to manage DB2 licenses. Remember to remove 
the execute privileges once you are done.

DB2 Version 9.5 Fix Pack 5 for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 6a for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 7 for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 8 for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 9 for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 10 for Linux, UNIX, and Windows
 

The complete fix for this problem first appears in DB2 Version 
9.5 Fix Pack 5 and all the subsequent Fix Packs.

not known / see Local fix

Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :

12.08.2009
15.12.2009
22.03.2010

9.5.FP5