DB2 - Problem description
Problem IC70539 | Status: Closed |
SECURITY: REMOTE BUFFER OVERFLOW VULNERABILITY IN DB2 ADMINISTRATIVE SERVER | |
product: | |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 | |
Problem description: | |
There exists a buffer overflow vulnerability with the DB2 Administrative Server (DAS). The vulnerability can cause a trap in DAS, causing a denial of service, or can lead to an escalation of privileges. This vulnerability does not affect the DB2 server. This problem was reported to IBM by an anonymous researcher working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) | |
Problem Summary: | |
**************************************************************** * USERS AFFECTED: * * Users of the DB2 Administrative Server. * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description. * **************************************************************** * RECOMMENDATION: * * Upgrade to DB2 Version 9.7 Fix Pack 3 or do not start DAS if * * DAS is not needed. * **************************************************************** | |
Local Fix: | |
If you are not using DAS, ensure that DAS is not started. | |
available fix packs: | |
DB2 Version 9.7 Fix Pack 3 for Linux, UNIX, and Windows | |
Solution | |
The problem was first fixed in DB2 Version 9.7 Fix Pack 3. | |
Workaround | |
See Local Fix. | |
Timestamps | |
Date - problem reported : Date - problem closed : Date - last modified : | 12.08.2010 27.01.2011 27.01.2011 |
Problem solved at the following versions (IBM BugInfos) | |
9.7.FP3 | |
Problem solved according to the fixlist(s) of the following version(s) | |
9.7.0.3 | |
9.7.0.3 |