IBM Support

IZ10033: SECURITY: Buffer overflow vulnerability in DAS server program.

APAR status

  • Closed as program error.

Error description

  • There exists an internal buffer overflow vulnerability in the DAS
    process. If the buffer is overflowed, the DAS server process
    crashes.
    The buffer overflow condition could allow attackers to elevate
    privileges to the superuser level and may allow arbitrary code
    execution on the server machine.
    

Local fix

  • No local fix is available.
    

Problem summary

  • SECURITY: Buffer overflow vulnerability in DAS server program.
    

Problem conclusion

  • First fixed in DB2 UDB Version 8.2, FixPak 16
    
    There exists an internal buffer overflow vulnerability in the DAS
    process. If the buffer is overflowed, the DAS server process
    crashes.
    The buffer overflow condition could allow attackers to elevate
    privileges to the superuser level and may allow arbitrary code
    execution on the server machine.
    

Temporary fix

  • No local fix is available.
    

Comments

APAR Information

  • APAR number

    IZ10033

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    820

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-12-05

  • Closed date

    2008-07-15

  • Last modified date

    2008-07-15

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IZ12379 IZ12406 IZ12407

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R820 PSY UP

       IZ10033

Document Information

Modified date:
15 July 2008