|
Problem IC65922
|
Status: Geschlossen |
SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462) |
| Produkt: |
DB2 FOR LUW / DB2FORLUW / 910 - DB2 |
| Problembeschreibung: |
The scalar function REPEAT contains a buffer overrun defect that
malicious user could manipulate, causing the DB2 server to trap.
A valid database connection is required to exploit the
vulnerability. |
| Problem-Zusammenfassung: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms *
* atservice levels from Version 9.1 GA through to Version *
* 9.1Fix Pack 9. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See error description. *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 9.1 Fix Pack 9 or see "Local *
* Fix"portion for other suggestions. *
**************************************************************** |
| Local-Fix: |
It is not possible to revoke EXECUTE privilege on the scalar
function REPEAT from PUBLIC.
To minimize the exposure, revoke CONNECT privilege from PUBLIC
and only grant CONNECT privilege to trusted users. |
| verfügbare FixPacks: |
DB2 Version 9.1 Fix Pack 9 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 10 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 11 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 12 for Linux, UNIX and Windows
|
| Lösung |
The complete fix for this problem first appears in DB2 Version
9.1 Fix Pack 9 and all the subsequent Fix Packs. |
| Workaround |
keiner bekannt / siehe Local-Fix |
| Bug-Verfolgung |
Vorgänger : APAR is sysrouted TO one or more of the following: IC65933 IC65935
Nachfolger : |
| Weitere Daten |
Datum - Problem gemeldet :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
| 28.01.2010
15.04.2010
17.08.2010 |
| Problem behoben ab folgender Versionen (IBM BugInfos) |
9.1.FP9
|
| Problem behoben lt. FixList in der Version |
| 9.1.0.9
|
 |
