DB2 - Problem description
Problem IC69986 | Status: Closed
SECURITY: REMOTE BUFFER OVERFLOW VULNERABILITY IN DB2 ADMINISTRATIVE SERVER
Product:
DB2 FOR LUW / DB2FORLUW / 910 - DB2
Problem description:
There exists a buffer overflow vulnerability with the DB2 Administrative Server (DAS). The vulnerability can cause a trap in DAS, causing a denial of service, or can lead to an escalation of privileges. This vulnerability does not affect the DB2 server. This problem was reported to IBM by an anonymous researcher working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com).
Problem Summary:
USERS AFFECTED: Users of the DB2 Administrative Server.
PROBLEM DESCRIPTION: See Error Description.
RECOMMENDATION: Upgrade to DB2 Version 9.1 Fix Pack 10 or do not start DAS if DAS is not needed.
Local Fix:
If you are not using DAS, ensure that DAS is not started.
Available fix packs:
DB2 Version 9.1 Fix Pack 11 for Linux, UNIX and Windows
Solution
The problem was first fixed in DB2 Version 9.1 Fix Pack 10.
Workaround
See Local Fix.
BUG-Tracking
forerunner : APAR is sysrouted TO one or more of the following: IC70538 IC70539 IC71979 follow-up :
Timestamps
Date - problem reported : 16.07.2010
Date - problem closed : 27.01.2011
Date - last modified : 27.01.2011
Problem solved at the following versions (IBM BugInfos)
9.1.FP10
Problem solved according to the fixlist(s) of the following version(s)
9.1.0.10