|
Problem IC68762
|
Status: Closed |
SECURITY: THE TIVOLI MONITORING AGENT (KUDDB2) FOR DB2 HAS DOS VULNERABILITY. (CVE-2010-0472) |
| product: |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 |
| Problem description: |
The Tivoli Monitoring Agent (kuddb2) for DB2 has a remote Denial
of Service vulnerability which would prevent IBM Data Studio
Administration Console (DSAC) from monitoring DB2. The DB2
server is unaffected by this vulnerability. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems using DB2 Data Studio Administrative Console *
* on all Linux, Unix and Windows platforms at service levels *
* Version 9.7 GA. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* ************************************************************ *
* **** *
* * RECOMMENDATION: *
* * *
* * The fix as described in the "Local Fix" section of the *
* APAR * *
* * is sufficient to mitigate the vulnerability. *
* * *
* *
* ************************************************************ *
* **** *
* *
* Problem conclusion *
* *
* The fix as described in the "Local Fix" section of the *
* APAR is sufficient to mitigate the vulnerability.. *
**************************************************************** |
| Local Fix: |
The workaround is to configure the Tivoli Monitoring Agent
(kuddb2) to use ephemeral ports which will make the agent
invisible to outsiders.
To enable ephemeral ports, change the original KDC_FAMILIES
entry in kincms.ini to "KDC_FAMILIES=EPHEMERAL:Y IP.PIPE
IP.SPIPE SNA IP HTTP_CONSOLE:N HTTP_SERVER:N".
This needs to be done at for each DB2 server instance.
Each DB2 server instance has its own ini file. The ini file
name format is as follows:
<DB2_Install_Path>/itma/TMAITM6/kudcma_<INSTANCE_NAME>.ini
You will need to restart the IBM Data Studio Administration
Console Monitoring server/service and the Tivoli Monitoring
Agent. |
| available fix packs: |
DB2 Version 9.7 Fix Pack 2 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 3 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 5 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows
|
| Solution |
|
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 20.05.2010
03.04.2013
03.04.2013 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 9.7.0.2
|
 |
