|
Problem IT20570
|
Status: Closed |
SECURITY: DB2 CLP WILL TRAP IF IT IS PASSED A ROUTINE NAME GREATER THEN THE ALLOWED MAXIMUM LENGTH (CVE-2017-1297).
|
| product: |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 |
| Problem description: |
DB2 Command Line Processor (CLP) background process (db2bp) will
trap if CLP is passed a CALL statement containing a routine name
greater then 386 characters.
See security bulletin for details:
http://www-01.ibm.com/support/docview.wss?uid=swg22004878 |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 9.7 GA through to Version 9.7 Fix *
* Pack 11. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to V10.5 or V11.1. *
**************************************************************** |
| Local Fix: |
Perform length check on routine names in CLP CALL statements to
disallow name length greater then 386 characters. |
| Solution |
|
| Workaround |
not known / see Local fix |
| BUG-Tracking |
forerunner : IT20498
follow-up : |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 12.05.2017
21.06.2017
21.06.2017 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
