|
Problem IT02593
|
Status: Closed |
Security: DB2 contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094) |
| product: |
DB2 FOR LUW / DB2FORLUW / A10 - DB2 |
| Problem description: |
DB2 is vulnerable to a stack buffer overflow, caused by improper
bounds checking by the handling of the ALTER MODULE statement. A
remote attacker could overflow a buffer and execute arbitrary
code on the system with DB2 instance owner privileges cause the
server to crash. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 10.1 GA through to Version 10.1 Fix *
* Pack 4. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 10.1 Fix Pack 5. *
* Refer to remediation in security bulletin: *
* http://www-01.ibm.com/support/docview.wss?uid=swg21681631 *
**************************************************************** |
| Local Fix: |
|
| Solution |
The complete fix for this problem first appears in DB2 Version
10.1 Fix Pack 5. |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 16.06.2014
13.07.2015
13.07.2015 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 10.1.0.5
|
 |
