DB2 - Problem description
Problem IC66643 | Status: Closed
Security: Special group and user enumeration on Windows 2008 could trap the server.
Product:
DB2 FOR LUW / DB2FORLUW / 970 - DB2
Problem description:
A special group and user enumeration operation on the DB2 server or DB2 Administrator Server (DAS) could trap when running on Windows 2008. The affected group and user enumeration is not part of normal connect or database authorization checking. Exploiting the vulnerability requires a valid database connection.
Problem Summary:
USERS AFFECTED:
All users on Windows 2008

PROBLEM DESCRIPTION:
Special group and user enumeration operation on the DB2 server or DB2 Administrator Server (DAS) could trap when running on Windows 2008. The group and user enumeration affected is not part of the normal connect or database authorization checking processing. The vulnerability requires a valid database connection to exploit.

RECOMMENDATION:
Do not grant connection privilege to PUBLIC. Grant connect to trusted users, roles or groups, only.
Local Fix:
Do not grant connection privilege to PUBLIC. Grant connect to trusted users, roles or groups, only.
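One way to apply this recommendation, as an added example that is not part of the original problem record: audit who holds CONNECT authority in the SYSCAT.DBAUTH catalog view, grant CONNECT to a role, and only then revoke it from PUBLIC. The role name APP_CONNECT and the user APPUSER1 are hypothetical.

```sql
-- Added example, not from the original problem record.
-- Run while connected to the database being hardened, as a user
-- with SECADM/DBADM authority as appropriate for each statement.

-- 1. Audit: list every grantee that currently holds CONNECT.
--    A row with GRANTEE = 'PUBLIC' means any authenticated user can
--    connect, which is the precondition this problem record describes.
SELECT GRANTEE, GRANTEETYPE, GRANTOR
  FROM SYSCAT.DBAUTH
 WHERE CONNECTAUTH = 'Y'
 ORDER BY GRANTEETYPE, GRANTEE;

-- 2. Grant CONNECT to a trusted role first, so that legitimate users
--    are not locked out when PUBLIC loses the privilege.
--    APP_CONNECT and APPUSER1 are hypothetical names.
CREATE ROLE APP_CONNECT;
GRANT CONNECT ON DATABASE TO ROLE APP_CONNECT;
GRANT ROLE APP_CONNECT TO USER APPUSER1;

-- 3. Remove the privilege from PUBLIC.
REVOKE CONNECT ON DATABASE FROM PUBLIC;

-- 4. Verify: this query should now return no rows.
SELECT GRANTEE, GRANTEETYPE
  FROM SYSCAT.DBAUTH
 WHERE CONNECTAUTH = 'Y'
   AND GRANTEE = 'PUBLIC';
```

Repeat the audit for each database on the instance, since CONNECT authority is held per database.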
Available fix packs:
DB2 Version 9.7 Fix Pack 3 for Linux, UNIX, and Windows
Solution
Fixed in DB2 v9.7 Fixpack 2
Workaround
not known / see Local fix
Timestamps
Date - problem reported: 24.02.2010
Date - problem closed: 30.08.2010
Date - last modified: 30.08.2010
Problem solved at the following versions (IBM BugInfos)
9.7.FP2
Problem solved according to the fixlist(s) of the following version(s)
9.7.0.1