Security Bulletin: Executing a query with an OLAP specification on the IBM InfoSphere Balanced Warehouse C3000, C4000, D5100, IBM Smart Analytics System 1050, 2050, 5600, 5710, 7600 causes the DB2 server to terminate database connections (CVE-2013-6717)


Summary

A vulnerability in IBM DB2 could allow a remote, authenticated user to cause a DB2 LUW server to terminate all connections to a database and deactivate the database. This only affects the database which the user is connected to.

Vulnerability Details

CVE ID: CVE-2013-6717
DESCRIPTION:

The IBM InfoSphere Balanced Warehouse C3000, C4000 and D5100 and the IBM Smart Analytics System 1050, 2050, 5600, 5710 and 7600 ship with either DB2 9.7 or DB2 10.1. A vulnerability in the DB2 OLAP query engine could allow a remote, authenticated user to cause the DB2 server instance to terminate all connections to a database and deactivate the database. This only affects the database that the user is connected to. The vulnerability does not shut down the DB2 server instance.

CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89116 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Affected Products

IBM InfoSphere Balanced Warehouse C3000
IBM InfoSphere Balanced Warehouse C4000
IBM InfoSphere Balanced Warehouse D5100
IBM Smart Analytics System 1050
IBM Smart Analytics System 2050
IBM Smart Analytics System 5600
IBM Smart Analytics System 5710
IBM Smart Analytics System 7600

Remediation/Fixes

Find your product in the table below and use the link in the Download URL column to find the patch provided by IBM.

For more information about IBM registration IDs, see the IBM Registration FAQ page.


Product | Version | APAR | Download URL
IBM InfoSphere Balanced Warehouse C3000 | DB2 9.7 | IC95641 | DB2 9.7 FP9
IBM InfoSphere Balanced Warehouse C4000 | DB2 9.7 | IC95641 | DB2 9.7 FP9
IBM InfoSphere Balanced Warehouse D5100 | DB2 9.7 | IC95641 | DB2 9.7 FP9
IBM Smart Analytics System 1050 | DB2 9.7 | IC95641 | DB2 9.7 FP9
IBM Smart Analytics System 2050 | DB2 9.7 | IC95641 | DB2 9.7 FP9
IBM Smart Analytics System 5600 V1 | DB2 9.7 | IC95641 | DB2 9.7 FP9
IBM Smart Analytics System 5600 V2 | DB2 9.7 | IC95641 | DB2 9.7 FP9
IBM Smart Analytics System 5600 V3 | DB2 9.7 | IC95641 | Contact technical support.
IBM Smart Analytics System 5600 V3 | DB2 10.1 | IC97737 | Contact technical support.
IBM Smart Analytics System 5710 | DB2 9.7 | IC95641 | DB2 9.7 FP9
IBM Smart Analytics System 7600 | DB2 9.7 | IC95641 | DB2 9.7 FP9

Contact Technical Support:
In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with DB2 technical support.

Workarounds/Mitigations

None

References:

Complete CVSS Guide
On-line Calculator V2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

January 21, 2014: Original version published.

*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


Cross reference information
Segment | Product | Component | Platform | Version | Edition
Information Management | InfoSphere Balanced Warehouse | Balanced Warehouse C Class - C4000 | Linux, Windows | 9.7 |
Information Management | InfoSphere Balanced Warehouse | Balanced Warehouse D Class - D5100 | Linux | 9.7 |
Information Management | IBM Smart Analytics System | IBM Smart Analytics System 1050 | Linux, Windows | 9.7 |
Information Management | IBM Smart Analytics System | IBM Smart Analytics System 2050 | Linux, Windows | 9.7 |
Information Management | IBM Smart Analytics System | IBM Smart Analytics System 5600 | Linux | 9.7, 10.1 |
Information Management | IBM Smart Analytics System | IBM Smart Analytics System 5710 | Linux | 9.7 |
Information Management | IBM Smart Analytics System | IBM Smart Analytics System 7600 | AIX 6.1 | 9.7 |
Information Management | InfoSphere Balanced Warehouse | Balanced Warehouse C Class - C3000 | Linux, Windows | 9.7 |

Document information

More support for: IBM Smart Analytics System
Software version: 9.7, 10.1
Operating system(s): AIX 6.1, Linux
Reference #: 1659490
Modified date: 2014-01-21
