|
Problem IC72028
|
Status: Geschlossen |
SECURITY: DB2 DAS REMOTE CODE EXECUTION VULNERABILITY |
| Produkt: |
DB2 FOR LUW / DB2FORLUW / 950 - DB2 |
| Problembeschreibung: |
There exists a buffer overflow vulnerability with the DB2
Administrative Server (DAS). The vulnerability can cause a trap
in DAS, causing a denial of service, or execution of
abritrary code.
This problem was reported to IBM by an anonymous researcher
working with TippingPoint's Zero Day Initiative
(http://www.zerodayinitiative.com) |
| Problem-Zusammenfassung: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels from Version 9.5 GA through to Version 9.5 *
* Fix Pack 6. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description. *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 9.5 Fix Pack 7 or see "Local Fix" *
* portion for other suggestions. *
**************************************************************** |
| Local-Fix: |
If DB2 Administration Server (DAS) is not required then do not
start the DAS server. |
| verfügbare FixPacks: |
DB2 Version 9.5 Fix Pack 8 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 10 for Linux, UNIX, and Windows
|
| Lösung |
The complete fix for this problem first appears in DB2 Version
9.5 Fix Pack 7 and all the subsequent Fix Packs. |
| Workaround |
keiner bekannt / siehe Local-Fix |
| Weitere Daten |
Datum - Problem gemeldet :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
| 19.10.2010
27.01.2011
27.01.2011 |
| Problem behoben ab folgender Versionen (IBM BugInfos) |
9.5.FP7
|
| Problem behoben lt. FixList in der Version |
| 9.1.0.7
|
 |
| 9.5.0.7
|
|
