IBM Support

IZ10776: SECURITY VULNERABILITY IN SYSPROC.NNSTAT.

APAR status

  • Closed as program error.

Error description

  • Security vulnerability in the NNSTAT procedure that allows any
    low-privileged user to overwrite arbitrary files.
    The vulnerability exists on Windows platforms only.
    This problem was reported to IBM by Cesar Cerrudo of
    ApplicationSecurity Inc.
    

Local fix

Problem summary

  • Users affected: Users of DB2 Homogeneous Federation Feature or
    WebSphere Federation Server
    
    Problem description and summary:
    See error description.
    

Problem conclusion

  • Problem was first fixed in Version 9.5, FixPak 1 (s080328).
    This fix should be applied on the federation server.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ10776

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    950

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-12-11

  • Closed date

    2008-04-22

  • Last modified date

    2008-05-12

  • APAR is sysrouted FROM one or more of the following:

    IZ06976

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R810 PSN

       UP

  • R820 PSN

       UP

  • R910 PSN

       UP

  • R950 PSN

       UP



Document information

More support for: DB2 for Linux, UNIX and Windows

Software version: 950

Reference #: IZ10776

Modified date: 12 May 2008

