home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Latest versionsfixlist
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Have problems? - contact us.
Register for free anmeldung-x26
Contact form kontakt-x26

DB2 - Problem description

Problem IC66643 Status: Closed

Security: Special group and user enumeration on Windows 2008 could trap
the server.

product:
DB2 FOR LUW / DB2FORLUW / 970 - DB2
Problem description:
Special group and user enumeration operation on the DB2 server 
or DB2 Administrator Server (DAS) could trap when running on 
Windows 2008. 
 
The group and user enumeration affected is not part of the 
normal connect or database authorization checking processing. 
The vulnerability requires a valid database connection to 
exploit.
Problem Summary:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All users on Windows 2008                                    * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* Special group and user enumeration operation on the DB2      * 
* server or DB2 Administrator Server (DAS) could trap when     * 
* running on Windows 2008. The group and user enumeration      * 
* affected is not part of the normal connect or database       * 
* authorization checking processing. The vulnerability         * 
* requires a valid database connection to exploit.             * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Do not grant connection privilege to PUBLIC.  Grant connect  * 
* to trusted users, roles or groups, only.                     * 
****************************************************************
Local Fix:
Do not grant connection privilege to PUBLIC.  Grant connect to 
trusted users, roles or groups, only.
available fix packs:
DB2 Version 9.7 Fix Pack 3 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 2 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 1 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 5 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows

Solution
Fixed in DB2 v9.7 Fixpack 2
Workaround
not known / see Local fix
Timestamps
Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :
24.02.2010
30.08.2010
30.08.2010
Problem solved at the following versions (IBM BugInfos)
9.7.FP2
Problem solved according to the fixlist(s) of the following version(s)
9.7.0.1 FixList