DB2 - Problem description
Problem IC70538 | Status: Closed
SECURITY: REMOTE BUFFER OVERFLOW VULNERABILITY IN DB2 ADMINISTRATIVE SERVER
Product:
DB2 FOR LUW / DB2FORLUW / 950 - DB2
Problem description:
There is a buffer overflow vulnerability in the DB2 Administrative Server (DAS). The vulnerability can cause a trap in DAS, resulting in a denial of service, or can lead to an escalation of privileges. This vulnerability does not affect the DB2 server. This problem was reported to IBM by an anonymous researcher working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com).
Problem Summary:
USERS AFFECTED:
Users of the DB2 Administrative Server.
PROBLEM DESCRIPTION:
See Error Description.
RECOMMENDATION:
Upgrade to DB2 Version 9.5 Fix Pack 6 or do not start DAS if DAS is not needed.
Local Fix:
If you are not using DAS, ensure that DAS is not started.
Available fix packs:
DB2 Version 9.5 Fix Pack 6a for Linux, UNIX, and Windows
Solution
The problem was first fixed in DB2 Version 9.5 Fix Pack 6.
Workaround
See Local Fix.
Timestamps
Date - problem reported: 12.08.2010
Date - problem closed: 27.01.2011
Date - last modified: 27.01.2011
Problem solved at the following versions (IBM BugInfos)
9.5.FP6
Problem solved according to the fixlist(s) of the following version(s)