A fix is available
APAR status
Closed as program error.
Error description
DB2 is vulnerable to a stack buffer overflow, caused by improper bounds checking by the handling of the ALTER MODULE statement. A remote attacker could overflow a buffer and execute arbitrary code on the system with DB2 instance owner privileges cause the server to crash.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All DB2 systems on all Linux, Unix and Windows platforms at * * service levels Version 10.1 GA through to Version 10.1 Fix * * Pack 4. * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to DB2 Version 10.1 Fix Pack 5. * * Refer to remediation in security bulletin: * * http://www-01.ibm.com/support/docview.wss?uid=swg21681631 * ****************************************************************
Problem conclusion
The complete fix for this problem first appears in DB2 Version 10.1 Fix Pack 5.
Temporary fix
Comments
APAR Information
APAR number
IT02593
Reported component name
DB2 FOR LUW
Reported component ID
DB2FORLUW
Reported release
A10
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-06-16
Closed date
2015-07-13
Last modified date
2015-07-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DB2 FOR LUW
Fixed component ID
DB2FORLUW
Applicable component levels
RA10 PSN
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEPGG","label":"DB2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
13 July 2015