DB2 - Problem description
Problem IC95641 | Status: Closed |
SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN DATABASE. (CVE-2013-6717) | |
product: | |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 | |
Problem description: | |
Executing a query with an OLAP specification may cause the DB2 server to shutdown the database and terminate all connections to the database however the DB2 instance does not shutdown. The stack includes this function: sqlsInitKeyfd__FP8sqeAgentP12SQLS_SORTDEFP10SQLD_FIELDP10SQLS_KE YFDP11SQLD_COLUMNPii + 0xA40 db2diag would report the following: 2013-05-29-14.25.18.182300+600 I10400222A1217 LEVEL: Severe PID : 12976130 TID : 50892 PROC : db2sysc 0 INSTANCE: db2inst1 NODE : 000 DB : ABCABC APPHDL : 0-411 APPID: 164.97.57.31.1431.130529042502 AUTHID : db2inst1 EDUID : 50892 EDUNAME: db2agent (ABCABC) 0 FUNCTION: DB2 UDB, sort/list services, sqlsInitKeyfd, probe:35 MESSAGE : ZRC=0x8704002F=-2029780945=SQLD_PARM "PARAMETER ERROR" DIA8544C An invalid data type was encountered, the value was "". DATA #1 : String, 29 bytes Unknown keypart type in sort. DATA #2 : SQLS_SORTKEYDEF, PD_TYPE_SQLS_SORTKEYDEF, 24 bytes SQLS_SORTKEYDEF: Address:700000010addf68, Size:x18, Size:24 x0000 collation NULL x0008 keyPartID 0 x000A sortkdefFlags x0000 x000C sortkdefIntFlags x0000 x000E codepage 0 x0012 keyPart SQLD_FIELD: Address:700000010addf7a, Size:x6, Size:6 x0000 type BOOLEAN x0002 length 1 x0004 nullable x2 - SQLZ_NONULLS | |
Problem Summary: | |
**************************************************************** * USERS AFFECTED: * * ALL * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to DB2 Version 9.7 Fixpack 9 * **************************************************************** | |
Local Fix: | |
N/A | |
available fix packs: | |
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows | |
Solution | |
Security Bulletin: Executing a query with an OLAP specification causes the DB2 server to terminate database connections. (CVE-2013-6717) http://www.ibm.com/support/docview.wss?uid=swg21660041 | |
Workaround | |
not known / see Local fix | |
BUG-Tracking | |
forerunner : APAR is sysrouted TO one or more of the following: IC97737 IC97738 IC97762 follow-up : | |
Timestamps | |
Date - problem reported : Date - problem closed : Date - last modified : | 31.08.2013 16.12.2013 16.12.2013 |
Problem solved at the following versions (IBM BugInfos) | |
9.7.FP9 | |
Problem solved according to the fixlist(s) of the following version(s) | |
9.7.0.9 | |
9.7.0.9 |