Fixes are available
DB2 Version 9.1 Fix Pack 4a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 4 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 7 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 5 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 6 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 6a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 7a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 8 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 9 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 10 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 11 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 12 for Linux, UNIX and Windows
APAR status
Closed as program error.
Error description
Local exploitation of a design error in db2pd could allow an attacker to elevate privileges to root when running the db2pd tool. This problem was reported to IBM by an anonymous researcher working with the iDefense Vulnerability Contributor Program (VCP) and Joshua J. Drake of iDefense Labs. This APAR addresses the issues described by CVE-2007-5757 at cve.mitre.org
Local fix
Problem summary
see problem description
Problem conclusion
APAR first fixed in DB2 version 8.1 fixpak 16
Temporary fix
Comments
APAR Information
APAR number
IZ03073
Reported component name
DB2 UDB ESE AIX
Reported component ID
5765F4100
Reported release
910
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2007-08-14
Closed date
2008-02-29
Last modified date
2008-03-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
IZ03546 IZ03548 IZ03550 IZ03552 IZ03553
Fix information
Fixed component name
DB2 UDB ESE AIX
Fixed component ID
5765F4100
Applicable component levels
R810 PSY
UP
Document Information
Modified date:
08 January 2022