Skip to main content


IZ32358: SECURITY: Unauthorized access can be gained when using DAS command

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • DAS contains a security vulnerability that could allow a local
non-privileged user to gain write access to an arbitrary file.
Gaining unauthorized access to root is possible.

Local fix

  • 



Problem summary


    

  • Unauthorized access can be gained when using DAS command

    



Problem conclusion


    

  • Problem first fixed in v9.5 fixpak 3

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IZ32358
    • 

  • Reported component name
    DB2 UDB ESE AIX
    • 

  • Reported component ID
    5765F4100
    • 

  • Reported release
    950
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    YesHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2008-09-15
    • 

  • Closed date
    2009-08-20
    • 

  • Last modified date
    2009-08-20
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
IZ32355
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DB2 UDB ESE AIX
    • 

  • Fixed component ID
    5765F4100
    • 



Applicable component levels


    

  • R950  PSY  UP
       G
    • 








		


		
Copyright and trademark information

		

			
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide.  Other product and service names might be trademarks of IBM or other companies.  A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

		

		


		

		
Rate this page

		

			
Please take a moment to complete this form to help us better serve you.

		

		
		

		
		
		
		
		
		
		

		

			
This material provides me with the information I need.

		

		

		

			 

			 

			 

			 

			 

		

		

		

  		
		

		

			
This material is clear and easy to understand.

		

		

		

			 

			 

			 

			 

			 

		

		

		

  		

		

		

			
Did the information help you to achieve your goal?

		

		

		

			
			
			
		

		

		


		

		

			
What updates, improvements, or related information would you like to see in this document?

		

		

			

		

		


		

			
Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.

		

		

			
Input the verification number to submit feedback:

		

		

			


		

		

		

			

		

		

		


		

		
		





Close [x]









   



Maintenance Window
 








     

  • The IBM Technical support pages, including the Downloads and Drivers Finders will be temporarily unavailable for up to 4 hours due to planned maintenance. This will take place between Saturday November 14, 2009 9:00 PM ET and Sunday, November 15, 2009 7:00 AM ET. During the maintenance, you will not be able to search or download from these pages.
    • 






   
















Close [x]









   



Unscheduled Maintenance Window









There is no unscheduled maintenance scheduled at this time.





   










		

			


			

				





		

		
		


		
Document information

		

			
Product categories:

		
		
Software
Data Management
Data Servers (Database Management Systems)
DB2 for Linux, UNIX and Windows

		
		

		
			
Software version:

			
950

			

		

		

		
			
Reference #:

			

		IZ32358
			

			

		

			
IBM Group:

			
Software Group

			

			
Modified date:

			
2009-08-20

		

		


		
Translate my page

		

			

			

			
			

			
			
			
			

		

		


		
Rate this page

		

			
		

		


		

		
			
Availability Notices