IBM Support

IZ12379: SECURITY: Buffer overflow vulnerability in DAS server program.

APAR status

  • Closed as program error.

Error description

  • An internal buffer overflow vulnerability exists in the DAS
    process. If the buffer is overflowed, the DAS server process
    crashes.
    The buffer overflow condition could allow attackers to elevate
    privileges to the superuser level and may allow arbitrary code
    execution on the server machine.
    

Local fix

  • No local fix is available.
    

Problem summary

  • Buffer overflow vulnerability in DAS server program.
    

Problem conclusion

  • First fixed in DB2 UDB Version 9.1, FixPak 4a
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ12379

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    910

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-01-07

  • Closed date

    2008-05-13

  • Last modified date

    2008-05-13

  • APAR is sysrouted FROM one or more of the following:

    IZ10033

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R910 PSY UP

       IZ12379

Document Information

Modified date:
13 May 2008