IZ06973: SECURITY VULNERABILITY IN SYSPROC.ADMIN_SP_C

APAR status

  • Closed as program error.

Error description

  • Security vulnerability in SYSPROC.ADMIN_SP_C which allows users
    to load an arbitrary library and execute arbitrary code on the
    system.
    The vulnerability exists on Windows platforms only.
    This problem was reported to IBM by Martin Rakhmanov of
    Application Security Inc.
    

Local fix

  • The local fix will be in DB2 V9.1 fp5
    

Problem summary

  • Users affected: Users of SYSPROC.NNSTAT in WebSphere Federation
    Server
    
    Problem description and summary:
    See error description.
    

Problem conclusion

  • Problem was first fixed in Version 9, FixPak 5 (s080512).  This
    fix should be applied on the federation server.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ06973

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    910

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-10-21

  • Closed date

    2008-06-24

  • Last modified date

    2009-01-06

  • APAR is sysrouted FROM one or more of the following:

    IZ06972

  • APAR is sysrouted TO one or more of the following:

    IZ10917 IZ11228

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R810 PSN

       UP

  • R820 PSN

       UP

  • R910 PSN UP

       IZ06973

  • R950 PSN

       UP



Document information


More support for:

DB2 for Linux, UNIX and Windows

Software version:

910

Reference #:

IZ06973

Modified date:

2009-01-06
