DB2 FOR LUW / DB2FORLUW / 970 - DB2

A stack buffer overflow vulnerability in SQL/Persistent Stored 
Modules (PSM) debugging infrastructure could be exploited to 
attain remote code execution. 
 
To exploit the vulnerability the malicious user would need: 
1) Valid credential to connect to database 
2) CONNECT privilege on database 
3) A PSM stored procedure to which the malicious has the 
privilege to debug

**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 systems on all Linux, Unix and Windows platforms at  * 
* service levels from Version 9.7 GA                           * 
* through to Version 9.7 Fix Pack 6.                           * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description.                                       * 
* See Security Bulletin: Buffer Overflow Vulnerability in IBM  * 
* DB2 SQL/PSM Stored Procedure Infrastructure (CVE-2012-4826). * 
* http://www.ibm.com/support/docview.wss?uid=swg21614536       * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to DB2 Version 9.7 Fix Pack 7.                       * 
****************************************************************

DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows
 

The complete fix for this problem first appears in DB2 Version 
9.7 Fix Pack 7 and all the subsequent Fix Packs.

not known / see Local fix

Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :

24.09.2012
18.10.2012
19.12.2012

9.7.FP7