IBM Support

IT27409: CUSTOMER RECEIVES -607 WHEN INVOKING ATS STORED PROCEDURE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Due to the fix for security APAR IT25813 wsdbu01349804
    [SECURITY: ADMINISTRATIVE TASK SCHEDULER IS VULNERABLE TO A
    PRIVILEGE ESCALATION],  customer receives -607 errors when
    trying execute ATS stored procedure tasks due to ATS package
    using an authorization ID other than SYSIBM. The affected ATS
    procedures are
    SYSPROC.ADMIN_TASK_ADD/ADMIN_TASK_REMOVE/ADMIN_TASK_UPDATE.
    
    The current authorization ID for the ATS package can be verified
    by issuing the following SQL statement and looking at the
    BOUNDBY value: "SELECT PKGSCHEMA, PKGNAME, BOUNDBY FROM
    SYSCAT.PACKAGES WHERE PKGNAME LIKE 'ATS%'"
    
    
    The value of the BOUNDBY value can be changed away from SYSIBM
    through explicit binding of the db2ats_sps.bnd or db2ubind.lst
    files. If the bind of the db2ats_sps.bnd file is successful, the
    BOUNDBY will be changed to the current session authorization ID.
    If the bind fails with a -607 error, then the BOUNDBY value will
    not be changed and ATS processing will not be affected.
    
    This APAR will implement logic to have Db2 automatically
    validate and, if necessary, restore the authorization ID for ATS
    when an ATS stored procedure is invoked.
    
    Note that attempts by customer to bind the db2ats_sps.bnd file
    when the ATS control tables exist in the database  will still
    continue to fail with a -607 error even after applying this
    APAR. This is the new, expected behaviour.
    
    The customer may receive the following error during a bind:
    SQL0082C An error has occurred which has terminated processing.
    

Local fix

  • None known.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * ALL                                                          *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to Db2 11.1 Mod 4 Fixpack 4 iFix 001 or higher       *
    ****************************************************************
    

Problem conclusion

  • First fixed in Db2 11.1 Mod 4 Fixpack 4 iFix 001
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT27409

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    B10

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-12-18

  • Closed date

    2019-03-07

  • Last modified date

    2019-08-01

  • APAR is sysrouted FROM one or more of the following:

    IT27385

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

  • RB10 PSN

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
01 August 2019