For Tivoli Access Manager for e-business customers using Tivoli Directory Server V6.1, it is recommended that DB2 V9 Fixpack 3 NOT be applied.
Flash (Alert)
Abstract
APAR IY98176, included in DB2 version 9 fixpack 3, may affect the ability of the "root" user to start up the IBM Tivoli Directory Server and perform specific DB2 configuration tasks on the supported Unix platforms.
Content
APAR IY98176, provided in DB2 v9 fp3, resolves the security vulnerability described by CVE-2007-4275 at cve.mitre.org. This APAR may affect DB2 configuration and start up tasks with the IBM Tivoli Directory Server running as the "root" user. At this time we do not recommend applying this fixpack level.
Preliminary testing results with DB2 v9 fixpack 3 show permission issues with db2icrt, idscfgdb and starting the ITDS 6.1 server as the "root" user.
Currently Solaris is the only Unix platform exhibiting permission issues when running these commands as the "root" user, but other Unix platforms and functions may be affected as well.
Current Work Around:
For Affected Unix Platforms:
Using ITDS v6.1:
1. idsicrt - let the error show up - no impact
2. idscfgdb - run this command as instance owner (instead of "root")
3. ibmslapd - if running on default ports, use this command: "su - <db2instance> -c db2start; ibmslapd -I <idsinstance>"
4. idsidrop - run idsucfgdb before idsidrop as the instance owner. Then finally run idsidrop as root.
Note: Do not use the GUI configuration tools to configure the instance and database.
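A pre-flight guard for the workaround above, as an added example that is not part of the IBM flash: it reads db2level output and, on DB2 v9 fix pack 3, refuses a command that is about to run under the wrong account. The db2level text layout, the sample values and the instance owner name db2inst1 are assumptions.

```sh
#!/bin/sh
# Added example (not IBM code). SAMPLE is constructed, modelled on db2level output.
SAMPLE='DB21085I  Instance "db2inst1" uses "64" bits and DB2 code release "SQL09013"
with level identifier "01040107".
Informational tokens are "DB2 v9.1.0.3", "s070719", "U810940", and Fix Pack
"3".'

# Print the fix pack number found in db2level text on stdin.
# Assumption: the level appears as: Fix Pack "N" (a line break may split it).
db2_fixpack() {
    tr '\n' ' ' | sed -n 's/.*Fix Pack *"\([0-9][0-9]*\)".*/\1/p'
}

# Exit 0 when stdin describes DB2 v9 at fix pack 3, the level this flash covers.
affected_level() {
    text=$(cat)
    case $text in
        *'"DB2 v9.'*) ;;
        *) return 1 ;;
    esac
    [ "$(printf '%s\n' "$text" | db2_fixpack)" = "3" ]
}

# Print the account the workaround assigns to command $1 ($2 = instance owner).
# Returns 2 for commands the workaround steps give no account rule for.
required_user() {
    case $1 in
        idscfgdb|idsucfgdb|db2start) printf '%s\n' "$2" ;;
        idsidrop) printf 'root\n' ;;
        *) return 2 ;;
    esac
}

# Exit 0 if user $3 should run command $1; db2level text is read from stdin.
# On any other DB2 level, or for a command without a rule, nothing is refused.
may_run() {
    if ! affected_level; then return 0; fi
    want=$(required_user "$1" "$2") || return 0
    [ "$3" = "$want" ]
}

# Demo on the constructed sample: root is refused, the instance owner is not.
for u in root db2inst1; do
    if printf '%s\n' "$SAMPLE" | may_run idscfgdb db2inst1 "$u"
    then echo "idscfgdb as $u: ok"
    else echo "idscfgdb as $u: run as instance owner instead"
    fi
done
```

On a live host the sample would be replaced by piping the real db2level output into may_run, with the current login name as the third argument.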