DB2 - Problem description

Problem IC68015 Status: Closed

SECURITY: FUNCTIONS ARE NOT INVALIDATED NOR DROPPED ALTHOUGH OWNER LOSES
PRIVILEGES VIA PUBLIC TO ACCESS UNDERLYING OBJECTS.

product:
DB2 FOR LUW / DB2FORLUW / 970 - DB2
Problem description:
When privileges on a database object are revoked from PUBLIC, 
the dependent functions are not being marked INVALID.  Hence, 
users with execute privilege on the function are still able to 
call it successfully.  If already impacted by this APAR, 
affected functions should either be dropped and recreated 
manually or the owner of the functions should be granted 
sufficient privilege to access underlying database objects as 
appropriate.
Problem Summary:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 Version 9.7 GA through to Fix Pack 2 servers         *
* on Linux, Unix and Windows that rely on privileges to PUBLIC *
* to control privileges.                                       *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Incorrect checking leads to an exposure where users are      *
* still able to use functions that depend on other database    *
* objects, for which privileges have been revoked via PUBLIC.  *
****************************************************************
* RECOMMENDATION:                                              *
* Grant privileges explicitly to groups, roles or users        *
* instead of relying on privileges via PUBLIC.                 *
****************************************************************
Local Fix:
Grant and revoke privileges to specific users, groups or roles 
on database objects that user defined functions depend on 
instead of to PUBLIC.  Otherwise, apply DB2 Version 9.7 Fix Pack 
3.
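
The local fix as SQL, given here as an added example that is not part of the APAR text: an audit of the DB2 system catalog for user-defined functions whose underlying tables or views are reachable through PUBLIC, followed by the explicit grant and the revoke. The object name APP.ORDERS and the authorization ID FNOWNER are hypothetical.

```sql
-- Added example; APP.ORDERS and FNOWNER are hypothetical names.

-- 1. Audit: user-defined functions that depend on a table or view on which
--    PUBLIC holds a privilege. These are the functions whose access to the
--    underlying object may rest on PUBLIC rather than on an explicit grant.
SELECT r.ROUTINESCHEMA,
       r.ROUTINENAME,
       r.SPECIFICNAME,
       r.OWNER,          -- authorization ID whose privileges the function needs
       r.VALID,          -- validity flag recorded in the catalog
       d.BSCHEMA,
       d.BNAME,
       a.SELECTAUTH, a.INSERTAUTH, a.UPDATEAUTH, a.DELETEAUTH
FROM   SYSCAT.ROUTINES   r
JOIN   SYSCAT.ROUTINEDEP d
       ON  d.ROUTINESCHEMA = r.ROUTINESCHEMA
       AND d.SPECIFICNAME  = r.SPECIFICNAME
JOIN   SYSCAT.TABAUTH    a
       ON  a.TABSCHEMA = d.BSCHEMA
       AND a.TABNAME   = d.BNAME
WHERE  r.ROUTINETYPE = 'F'            -- functions only
  AND  d.BTYPE IN ('T', 'V')          -- dependencies on tables and views
  AND  a.GRANTEE = 'PUBLIC'
  AND  r.ROUTINESCHEMA NOT LIKE 'SYS%' -- skip system-supplied routines
ORDER  BY r.ROUTINESCHEMA, r.ROUTINENAME, d.BSCHEMA, d.BNAME;

-- 2. For each object reported above, give the function owner (or the
--    appropriate group or role) the privilege explicitly ...
GRANT SELECT ON TABLE APP.ORDERS TO USER FNOWNER;

-- 3. ... and only then remove the privilege from PUBLIC.
REVOKE SELECT ON TABLE APP.ORDERS FROM PUBLIC;

-- 4. Re-run the audit query: rows for APP.ORDERS should no longer appear.
```

On servers below Fix Pack 3, a function whose owner has lost access this way stays callable, so the audit should be run before any further revoke from PUBLIC.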
available fix packs:
DB2 Version 9.7 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 5 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows

Solution
Problem first fixed in DB2 Version 9.7 Fix Pack 3 and all 
subsequent Fix Packs.
Workaround
not known / see Local fix
BUG-Tracking
forerunner  : APAR is sysrouted TO one or more of the following: IC69537 
follow-up : 
Timestamps
Date  - problem reported    : 19.04.2010
Date  - problem closed      : 14.09.2010
Date  - last modified       : 20.09.2010
Problem solved at the following versions (IBM BugInfos)
9.7.FP3
Problem solved according to the fixlist(s) of the following version(s)