home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Latest versionsfixlist
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Have problems? - contact us.
Register for free anmeldung-x26
Contact form kontakt-x26

DB2 - Problem description

Problem IC97737 Status: Closed

SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN
DATABASE. (CVE-2013-6717)

product:
DB2 FOR LUW / DB2FORLUW / A10 - DB2
Problem description:
Executing a query with an OLAP specification may cause the DB2 
server to shutdown the database and terminate all connections to 
the database however the DB2 instance does not shutdown. 
 
 The stack includes this function: 
 
sqlsInitKeyfd__FP8sqeAgentP12SQLS_SORTDEFP10SQLD_FIELDP10SQLS_KE 
YFDP11SQLD_COLUMNPii + 0xA40 
 
db2diag would report the following: 
 
 2013-05-29-14.25.18.182300+600 I10400222A1217     LEVEL: Severe 
PID     : 12976130             TID  : 50892       PROC : db2sysc 
0 
INSTANCE: db2inst1             NODE : 000         DB   : ABCABC 
APPHDL  : 0-411                APPID: 
164.97.57.31.1431.130529042502 
AUTHID  : db2inst1 
EDUID   : 50892                EDUNAME: db2agent (ABCABC) 0 
FUNCTION: DB2 UDB, sort/list services, sqlsInitKeyfd, probe:35 
MESSAGE : ZRC=0x8704002F=-2029780945=SQLD_PARM "PARAMETER ERROR" 
          DIA8544C An invalid data type was encountered, the 
value was "". 
DATA #1 : String, 29 bytes 
Unknown keypart type in sort. 
DATA #2 : SQLS_SORTKEYDEF, PD_TYPE_SQLS_SORTKEYDEF, 24 bytes 
 
SQLS_SORTKEYDEF: Address:700000010addf68, Size:x18, Size:24 
   x0000        collation                     NULL 
   x0008        keyPartID                     0 
   x000A        sortkdefFlags                 x0000 
   x000C        sortkdefIntFlags              x0000 
   x000E        codepage                      0 
   x0012        keyPart 
      SQLD_FIELD: Address:700000010addf7a, Size:x6, Size:6 
         x0000  type                          BOOLEAN 
         x0002  length                        1 
         x0004  nullable                      x2 
                  - SQLZ_NONULLS
Problem Summary:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All DB2 systems on all Linux, Unix and Windows platforms at  * 
* service levels Version 10.1 GA  through to Version 10.1 Fix  * 
* Pack 3.                                                      * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description                                        * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* See security bulletin:                                       * 
* http://www.ibm.com/support/docview.wss?uid=swg21660041       * 
****************************************************************
Local Fix:
N/A
available fix packs:
DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 3a for Linux, UNIX, and Windows
 DB2 Version 10.1 Fix Pack 6 for Linux, UNIX, and Windows
Solution
Security Bulletin: Executing a query with an OLAP specification 
causes the DB2 server to terminate database connections. 
(CVE-2013-6717) 
http://www.ibm.com/support/docview.wss?uid=swg21660041
Workaround
not known / see Local fix
Timestamps
Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :

18.11.2013
03.06.2014
06.06.2014
Problem solved at the following versions (IBM BugInfos)


Problem solved according to the fixlist(s) of the following version(s)


10.1.0.4

FixList