IC62501: Security: db2licm utility vulnerability

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The db2licm utility contains a security vulnerability .
    

Local fix

  • The db2licm command is for managing DB2 licenses.  DB2 will not
    be affected if all execute privileges are removed from the
    db2licm command.  Restore execute privilege only when it
    becomes necessary to manage DB2 licenses. Remember to remove
    the execute privileges once you are done.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All DB2 systems on all Linux, Unix and Windows platforms at  *
    * service levels from Version 9.5 GA through to Version 9.5    *
    * Fix Pack 4.                                                  *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description.                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to DB2 Version 9.5 Fix Pack 5 or the latest          *
    * recommended fix pack,  or see the "Local Fix"                *
    * portion for other suggestions.                               *
    ****************************************************************
    
    Download DB2 Fix Packs by Version:
    http://www.ibm.com/support/docview.wss?rs=71&uid=swg27007053
    

Problem conclusion

  • The complete fix for this problem first appears in DB2 Version
    9.5 Fix Pack 5 and all the subsequent Fix Packs.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC62501

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    950

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-08-12

  • Closed date

    2009-12-15

  • Last modified date

    2010-03-22

  • APAR is sysrouted FROM one or more of the following:

    IC62476

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

  • R950 PSN

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

DB2 for Linux, UNIX and Windows

Software version:

9.5

Reference #:

IC62501

Modified date:

2010-03-22

Translate my page

Machine Translation

Content navigation