IBM Support

IZ37697: SECURITY: MALICIOUS CONNECT DATA STREAM CAN CAUSE DENIAL OF SERV ICE.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • A malicious connect data stream can cause the DB2 server
    to go into an infinite loop, incapacitating the server
    .
    This problem was reported to IBM by Dennis Yurichev.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All DB2 systems on all Linux, Unix and Windows platforms at
    service levels from Version 9.5 GA through to Version 9.5 Fix
    Pack 3.
    ****************************************************************
    PROBLEM DESCRIPTION:
    A malicious DRDA connect data stream can cause the DB2 server
    to go into infinite loop, incapacitating the server.
    .
    This problem was reported to IBM by Dennis Yurichev.
    ****************************************************************
    RECOMMENDATION:
    Upgrade to DB2 V9.5 FP3a and above.
    ****************************************************************
    

Problem conclusion

  • The DB2 server will keep the machine busy and the overall
    performance of the machine will degrade.
    .
    The complete fix for this problem first appears in DB2 Version
    9.5 Fix Pack 3a and all the subsequent Fix Packs.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ37697

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    950

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-11-17

  • Closed date

    2009-02-13

  • Last modified date

    2009-02-13

  • APAR is sysrouted FROM one or more of the following:

    IZ36534

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R950 PSN

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"950","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
13 February 2009