DB2 - Problem description
Problem IT34966 | Status: Closed |
SECURITY: DB2 EXTERNAL TABLE CREATION IS VULNERABLE TO RACE CONDITION ATTACK (CVE-2020-4885) | |
product: | |
DB2 FOR LUW / DB2FORLUW / B50 - DB2 | |
Problem description: | |
The procedure of DB2 external table creation is vulnerable to race condition of symbol link. Any local user on the system could exploit this vulnerability to change the configuration of DB2. See Security Bulletin for details: https://www.ibm.com/support/pages/node/6466363 | |
Problem Summary: | |
**************************************************************** * USERS AFFECTED: * * All DB2 systems on all Linux, Unix and Windows platforms at * * service levels Version 11.5 GA to 11.5.5 * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to DB2 Version 11.5.6. See Security Bulletin for * * details. * **************************************************************** | |
Local Fix: | |
Solution | |
Workaround | |
**************************************************************** * USERS AFFECTED: * * All DB2 systems on all Linux, Unix and Windows platforms at * * service levels Version 11.5 GA to 11.5.5 * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to DB2 Version 11.5.6. See Security Bulletin for * * details. * **************************************************************** | |
Comment | |
The complete fix for this problem first appears in DB2 Version 11.5.6 and all the subsequent Fix Packs. | |
Timestamps | |
Date - problem reported : Date - problem closed : Date - last modified : | 17.11.2020 22.06.2021 23.06.2021 |
Problem solved at the following versions (IBM BugInfos) | |
Problem solved according to the fixlist(s) of the following version(s) |