Fixes are available
DB2 Version 9.1 Fix Pack 4a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 3 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 4 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 7 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 5 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 2a - interim special build 2a
DB2 Version 9.1 Fix Pack 2 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 6 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 3a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 6a for Linux, UNIX and Windows
DB2 UDB Version 8.1 FixPak 16 (also known as Version 8.2 FixPak 9)
DB2 Version 9.1 Fix Pack 7a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 8 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 9 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 10 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 11 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 12 for Linux, UNIX and Windows
APAR status
Closed as program error.
Error description
Users Affected: External fenced routines on Unix platforms

Without this APAR fix, the fenced userid may be able to access directories without proper authorization.

In order to enable the fix, the DB2_LIMIT_FENCED_GROUP registry variable must be set to YES and db2updv8 must be run on all databases in the instance.

Example:

    db2updv8 -d <dbname> -j
    db2set DB2_LIMIT_FENCED_GROUP=YES

NOTE 1: db2updv8 -j will only fix the permissions necessary for this security feature. No other changes to the database will be made. If db2updv8 is run without the -j option, all the updates will be applied, including the permissions necessary for the security feature.

NOTE 2: Once db2updv8 (on V8 FP14 or later) has been run on all databases, the registry variable may be set at any time.

After the registry variable is applied, applications that assumed the fenced user has authority to access a directory may now fail. Customers need to evaluate the authority of the fenced user and consider assigning appropriate groups to the fenced user if necessary.
Local fix
Problem summary
Users Affected: External fenced routines on Unix platforms.

Problem summary: Fenced userid incorrectly able to access directories. Without this APAR fix, the fenced userid may be able to access directories without proper authorization.
Problem conclusion
First fixed in DB2 UDB Version 8.1 FixPak 14 (also known as Version 8.2 FixPak 7).

Please note that in v9.5 and higher it is not required to set DB2_LIMIT_FENCED_GROUP=YES to enable this fix, as it is enabled automatically. Any value set for DB2_LIMIT_FENCED_GROUP will be ignored on Unix platforms.
Temporary fix
Comments
If FP14 has not been applied yet to the instance, then first install one of the fixpaks that contains IY86711 (fixpak 14 or higher). After the fixpak is installed, use:

    db2updv8 -d dbname -j

Next, set the DB2_LIMIT_FENCED_GROUP=YES registry variable.

For databases and database objects created using DB2 V8 FP14 and later, the permissions for these database objects are already set correctly as described in IY86711, and only setting the DB2_LIMIT_FENCED_GROUP=YES registry variable on your system is required to correct this security vulnerability.
APAR Information
APAR number
IY86711
Reported component name
DB2 UDB ESE AIX
Reported component ID
5765F4100
Reported release
820
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2006-07-06
Closed date
2006-11-30
Last modified date
2011-02-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DB2 UDB ESE AIX
Fixed component ID
5765F4100
Applicable component levels
R820 PSN
UP
Document Information
Modified date:
07 January 2022