IBM Support

IZ06977: SECURITY VULNERABILITY IN SYSPROC.NNSTAT.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Security vulnerability in NNSTAT procedure which allows any low
    privileged users to overwrite arbitrary files.
    The vulnerability exists in Window platforms only.
    This problem was reported to IBM by Cesar Cerrudo of Application
    Security Inc.
    

Local fix

  • The local fix will be in DB2 V91 fp5
    

Problem summary

  • Users affected: Users of SYSPROC.NNSTAT in WebSphere Federation
    Server
    
    Problem description and summary:
    See error description.
    

Problem conclusion

  • Problem was first fixed in Version 9, FixPak 5 (s080512).  This
    fix should be applied on the federation server.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ06977

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    910

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-10-22

  • Closed date

    2008-06-24

  • Last modified date

    2008-06-24

  • APAR is sysrouted FROM one or more of the following:

    IZ06976

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R810 PSN

       UP

  • R820 PSN

       UP

  • R910 PSN UP

       IZ06977

  • R950 PSN

       UP



Document information

More support for: DB2 for Linux, UNIX and Windows

Software version: 910

Reference #: IZ06977

Modified date: 24 June 2008


Translate this page: