IBM Support

IZ06976: SECURITY VULNERABILITY IN SYSPROC.NNSTAT.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Security vulnerability in NNSTAT procedure which allows any low
    privileged users to overwrite arbitrary files.
    The vulnerability exists in Window platforms only.
    This problem was reported to IBM by Cesar Cerrudo of Application
    Security Inc.
    

Local fix

  • The local fix will be in DB2 V8 fixpak 16.
    

Problem summary

  • see problem description
    

Problem conclusion

  • First fixed in DB2 UDB Version 8.2, FixPak 9
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ06976

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    820

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-10-22

  • Closed date

    2008-05-02

  • Last modified date

    2008-05-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IZ06977 IZ10776 IZ10777

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R910 PSY

       UP

  • R950 PSY

       UP



Document information

More support for: DB2 for Linux, UNIX and Windows

Software version: 820

Reference #: IZ06976

Modified date: 02 May 2008


Translate this page: