|
Problem IC92495
|
Status: Closed |
SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN DB2AUD AND DB2FLACC (CVE-2013-3475). |
| product: |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 |
| Problem description: |
The programs db2aud and db2flacc contain a stack buffer overflow
vulnerability which an attacker could exploit to gain DB2
instance owner privilege. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux and Unix platforms at service *
* levels Version 9.7 GA through to Version 9.7 Fix Pack 8. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 9.7 Fix Pack 9. *
**************************************************************** |
| Local Fix: |
|
| available fix packs: |
DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows
|
| Solution |
The complete fix for this problem first appears in DB2 Version
9.7 Fix Pack 9 and all the subsequent Fix Packs.
See Security Bulletin: Privilege escalation vulnerability in IBM
DB2's Audit Facility (CVE-2013-3475).
http://www-01.ibm.com/support/docview.wss?uid=swg21639355 |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 22.05.2013
16.12.2013
17.02.2014 |
| Problem solved at the following versions (IBM BugInfos) |
9.7.FP9
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 9.7.0.9
|
 |
| 9.7.0.9
|
|
