Fixes are available
APAR status
Closed as program error.
Error description
Due to the fix for security APAR IT25813 wsdbu01349804 [SECURITY: ADMINISTRATIVE TASK SCHEDULER IS VULNERABLE TO A PRIVILEGE ESCALATION], customer receives -607 errors when trying execute ATS stored procedure tasks due to ATS package using an authorization ID other than SYSIBM. The affected ATS procedures are SYSPROC.ADMIN_TASK_ADD/ADMIN_TASK_REMOVE/ADMIN_TASK_UPDATE. The current authorization ID for the ATS package can be verified by issuing the following SQL statement and looking at the BOUNDBY value: "SELECT PKGSCHEMA, PKGNAME, BOUNDBY FROM SYSCAT.PACKAGES WHERE PKGNAME LIKE 'ATS%'" The value of the BOUNDBY value can be changed away from SYSIBM through explicit binding of the db2ats_sps.bnd or db2ubind.lst files. If the bind of the db2ats_sps.bnd file is successful, the BOUNDBY will be changed to the current session authorization ID. If the bind fails with a -607 error, then the BOUNDBY value will not be changed and ATS processing will not be affected. This APAR will implement logic to have Db2 automatically validate and, if necessary, restore the authorization ID for ATS when an ATS stored procedure is invoked. Note that attempts by customer to bind the db2ats_sps.bnd file when the ATS control tables exist in the database will still continue to fail with a -607 error even after applying this APAR. This is the new, expected behaviour. The customer may receive the following error during a bind: SQL0082C An error has occurred which has terminated processing.
Local fix
None known.
Problem summary
**************************************************************** * USERS AFFECTED: * * ALL * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to Db2 11.1 Mod 4 Fixpack 4 iFix 001 or higher * ****************************************************************
Problem conclusion
First fixed in Db2 11.1 Mod 4 Fixpack 4 iFix 001
Temporary fix
Comments
APAR Information
APAR number
IT27409
Reported component name
DB2 FOR LUW
Reported component ID
DB2FORLUW
Reported release
B10
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-12-18
Closed date
2019-03-07
Last modified date
2019-08-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DB2 FOR LUW
Fixed component ID
DB2FORLUW
Applicable component levels
RB10 PSN
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.1","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
04 May 2022