|
Problem IT21458
|
Status: Closed |
SECURITY: DB2 CAN BE USED TO OVERWRITE ARBITRARY FILES OWNED BY DB2 INSTANCE |
| product: |
DB2 FOR LUW / DB2FORLUW / B10 - DB2 |
| Problem description: |
A local unprivileged user can overwrite arbitrary files owned by
the DB2 instance by exploiting Db2. See Security Bulletin for
details:
http://www-01.ibm.com/support/docview.wss?uid=swg22006109 |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 11.1 GA through to Version 11.1 Fix *
* Pack 2. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 11.1.2.2 iFix001. *
**************************************************************** |
| Local Fix: |
|
| available fix packs: |
Db2 Version 11.1 Mod2 Fix Pack2 iFix001 for Linux, UNIX, and Windows
Db2 Version 11.1 Mod2 Fix Pack2 iFix002 for Linux, UNIX, and Windows
Db2 Version 11.1 Mod 3 Fix Pack 3 for Linux, UNIX, and Windows
Db2 Version 11.1 Mod3 Fix Pack3 iFix001 for Linux, UNIX, and Windows
Db2 Version 11.1 Mod3 Fix Pack3 iFix002 for Linux, UNIX, and Windows
|
| Solution |
The complete fix for this problem first appears in DB2 Version
11.1.2.2 iFix001 and all the subsequent Fix Packs. |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 14.07.2017
15.03.2018
15.03.2018 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
