IC97738: SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN DATABASE. (CVE-2013-6717)

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Executing a query with an OLAP specification may cause the DB2
    server to shutdown the database and terminate all connections to
    the database however the DB2 instance does not shutdown.
    
     The stack includes this function:
    
    sqlsInitKeyfd__FP8sqeAgentP12SQLS_SORTDEFP10SQLD_FIELDP10SQLS_KE
    YFDP11SQLD_COLUMNPii + 0xA40
    
    db2diag would report the following:
    
     2013-05-29-14.25.18.182300+600 I10400222A1217     LEVEL: Severe
    PID     : 12976130             TID  : 50892       PROC : db2sysc
    0
    INSTANCE: db2inst1             NODE : 000         DB   : ABCABC
    APPHDL  : 0-411                APPID:
    164.97.57.31.1431.130529042502
    AUTHID  : db2inst1
    EDUID   : 50892                EDUNAME: db2agent (ABCABC) 0
    FUNCTION: DB2 UDB, sort/list services, sqlsInitKeyfd, probe:35
    MESSAGE : ZRC=0x8704002F=-2029780945=SQLD_PARM "PARAMETER ERROR"
              DIA8544C An invalid data type was encountered, the
    value was "".
    DATA #1 : String, 29 bytes
    Unknown keypart type in sort.
    DATA #2 : SQLS_SORTKEYDEF, PD_TYPE_SQLS_SORTKEYDEF, 24 bytes
    
    SQLS_SORTKEYDEF: Address:700000010addf68, Size:x18, Size:24
       x0000        collation                     NULL
       x0008        keyPartID                     0
       x000A        sortkdefFlags                 x0000
       x000C        sortkdefIntFlags              x0000
       x000E        codepage                      0
       x0012        keyPart
          SQLD_FIELD: Address:700000010addf7a, Size:x6, Size:6
             x0000  type                          BOOLEAN
             x0002  length                        1
             x0004  nullable                      x2
                      - SQLZ_NONULLS
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * ALL                                                          *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to DB2 version 10.5 fix pack 3                       *
    ****************************************************************
    

Problem conclusion

  • Frst fixed in DB2 version 10.5 fix pack 3
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC97738

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    A50

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-11-18

  • Closed date

    2014-02-28

  • Last modified date

    2014-02-28

  • APAR is sysrouted FROM one or more of the following:

    IC95641

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

  • RA50 PSN

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

DB2 for Linux, UNIX and Windows

Software version:

10.5

Reference #:

IC97738

Modified date:

2014-02-28

Translate my page

Machine Translation

Content navigation