IZ06972: SECURITY VULNERABILITY IN SYSPROC.ADMIN_SP_C

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Security vulnerability in SYSPROC.ADMIN_SP_C  which allows
    users to load arbitrary library and execute arbitrary code in
    the system.
    The vulnerability exists in Window platforms only.
    This problem was reported to IBM by Martin Rakhmanov of
    Application Security Inc.
    

Local fix

  • The local fix will be in DB2 V8 fix pack 16.
    

Problem summary

  • see problem description
    

Problem conclusion

  • First fixed in DB2 UDB Version 8.2, FixPak 9
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ06972

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    820

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-10-21

  • Closed date

    2008-05-02

  • Last modified date

    2008-05-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IZ06973 IZ06974 IZ06975 IZ07082 IZ07083 IZ07084 IZ07085 IZ07086
    IZ07087 IZ07088 IZ08619 IZ09155 IZ10740 IZ10750 IZ10751 IZ10752
    IZ10753 IZ10809 IZ10916 IZ11227 IZ11396

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R910 PSY

       UP

  • R950 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

DB2 for Linux, UNIX and Windows

Software version:

820

Reference #:

IZ06972

Modified date:

2008-05-02

Translate my page

Machine Translation

Content navigation