Skip to main content

IC80729: SECURITY: REMOTE ESCALATION OF PRIVILEGE VULNERABILITY IN DAS (CVE-2012-0711).


Fixes are available

DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • There is a security vulnerability in the DB2 Administration
Server (DAS) which would allow a malicious user to remotely
exploit it to gain elevated privilege or to cause a denial of
service.

This vulnerability is not applicable to DAS running no the
Windows platform.

This problem was reported to IBM by axtaxt
working with the iDefense Vulnerability Contributor Program
(VCP).

Local fix

  • DB2 installs DAS by default. However, DAS is only required for
using the Control Center tools or performing remote
administration.  If those features are not used then do not
enable DAS.

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* All DB2 systems on all Linux, Unix and Windows platforms at  *
* service levels Version 9.7 GA  through to Version 9.7 Fix    *
* Pack 5.                                                      *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See Error Description.                                       *
****************************************************************
* RECOMMENDATION:                                              *
* Upgrade to DB2 Version 9.7 Fix Pack 6 or see "Local Fix"     *
* portion for other suggestions.                               *
****************************************************************

Problem conclusion

  • The complete fix for this problem first appears in DB2 Version
9.7 Fix Pack 6 and all the subsequent Fix Packs.

Temporary fix

  •  
    • 
  
 
  
Comments
 
  
     
   
  •  
    • 
  
 
  
APAR Information
 
  
 
   
     
    
  • APAR number
    IC80729
    •  
    
  • Reported component name
    DB2 FOR LUW
    •  
    
  • Reported component ID
    DB2FORLUW
    •  
    
  • Reported release
    970
    •  
    
  • Status
    CLOSED PER
    •  
    
  • PE
    NoPE
    •  
    
  • HIPER
    NoHIPER
    •  
    
  • Special Attention
    NoSpecatt
    •  
    
  • Submitted date
    2012-01-09
    •  
    
  • Closed date
    2012-05-30
    •  
    
  • Last modified date
    2012-06-11
    •  
   
 
  
 
  
     
   
  • APAR is sysrouted FROM one or more of the following:
     
     IC80561
     
    •  
   
  • APAR is sysrouted TO one or more of the following:
     
    •  
  
 
  
Fix information
 
  
     
   
  • Fixed component name
    DB2 FOR LUW
    •  
   
  • Fixed component ID
    DB2FORLUW
    •  
  
 
  
Applicable component levels
 
  
     
   
  • R910 PSN
       UP
    •  
   
  • R950 PSN
       UP
    •  
   
  • R970 PSN
       UP
    •  
   
  • R980 PSN
       UP
    •  
  
 
 
 

 









Rate this page:



(0 users)Average rating 





















	
	
	
	
	









	



























Copyright and trademark information



	
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide.  Other product and service names might be trademarks of IBM or other companies.  A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.































Rate this page:






(0 users)Average rating









Add comments














Document information





	
DB2 for Linux, UNIX and Windows


	




	
Software version:

	9.7

	





	
Reference #:

IC80729






Modified date:

2012-06-11








Translate my page














































 



Content navigation