|
Problem IC80561
|
Status: Closed |
SECURITY: REMOTE ESCALATION OF PRIVILEGE VULNERABILITY IN DAS (CVE-2012-0711). |
| product: |
DB2 FOR LUW / DB2FORLUW / 910 - DB2 |
| Problem description: |
There is a security vulnerability in the DB2 Administration
Server (DAS) which would allow a malicious user to remotely
exploit it to gain elevated privilege or to cause a denial of
service.
This vulnerability is not applicable to DAS running on the
Windows platform.
This problem was reported to IBM by axtaxt
working with the iDefense Vulnerability Contributor Program
(VCP). |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels from Version 9.1 GA through to Version 9.1 *
* Fix Pack 11. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description. *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 9.1 Fix Pack 12 or see "Local Fix" *
* portion for other suggestions. *
**************************************************************** |
| Local Fix: |
DB2 installs DAS by default. However, DAS is only required for
using the Control Center tools or performing remote
administration. If those features are not used then do not
enable DAS. |
| Solution |
The complete fix for this problem first appears in DB2 Version
9.1 Fix Pack 12 and all the subsequent Fix Packs. |
| Workaround |
not known / see Local fix |
| BUG-Tracking |
forerunner : APAR is sysrouted TO one or more of the following: IC80728 IC80729
follow-up : |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 21.12.2011
17.07.2012
25.09.2012 |
| Problem solved at the following versions (IBM BugInfos) |
9.1.FP12
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 9.1.0.12
|
 |
