DB2 FOR LUW / DB2FORLUW / A10 - DB2

A stack buffer overflow vulnerability in SQL/Persistent Stored 
Modules (PSM) debugging infrastructure could be exploited to 
attain remote code execution. 
 
To exploit the vulnerability the malicious user would need: 
1) Valid credential to connect to database 
2) CONNECT privilege on database 
3) A PSM stored procedure to which the malicious has the 
privilege to debug

**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 systems on all Linux, Unix and Windows platforms at  * 
* service levels from Version V10.1 GA                         * 
* through to Version 10.1 Fix Pack 1.                          * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* DB2 V10.1 FP1 contains an incomplete fix for APAR IC84755.   * 
* This APAR completes the fix.                                 * 
* See Security Bulletin: Buffer Overflow Vulnerability in IBM  * 
* DB2 SQL/PSM Stored Procedure Infrastructure (CVE-2012-4826). * 
* http://www.ibm.com/support/docview.wss?uid=swg21614536       * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to DB2 Version V10.1 Fix Pack 2.                     * 
****************************************************************

DB2 Version 10.1 Fix Pack 2 for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 3 for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 3a for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 6 for Linux, UNIX, and Windows
 

The complete fix for this problem first appears in DB2 Version 
V10.1 Fix Pack 2 and all the subsequent Fix Packs.

not known / see Local fix

Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :

24.09.2012
13.12.2012
13.12.2012