|
Problem IT08075
|
Status: Closed |
SECURITY: DB2 CONTAINS A FILE DISCLOSURE VULNERABILITY IN THE DATABASE AUTOMATED MAINTENANCE FEATURE (CVE-2015-1883) |
| product: |
DB2 FOR LUW / DB2FORLUW / A50 - DB2 |
| Problem description: |
IBM DB2 contains a file disclosure vulnerability in the database
automated maintenance feature. A remote, authenticated DB2 user
with elevated privilege could exploit this vulnerability by
manipulating an automated maintenance policy stored procedure to
view any files owned by the DB2 fenced ID on Unix/Linux or
Windows administrator on Windows. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 10.5 GA through to Version 10.5 Fix *
* Pack 5. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 version 10.5 fix pack 6. *
* Refer to security bulletin for details: *
* http://www-01.ibm.com/support/docview.wss?uid=swg21698308 *
**************************************************************** |
| Local Fix: |
|
| Solution |
First fixed in DB2 version 10.5 fix pack 6 |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 01.04.2015
27.08.2015
27.08.2015 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 10.5.0.6
|
 |
