IBM Support

JR30227: SECURITY VULNERABILITY: DB2FMP PROCESS ON WINDOWS RUNNING WITH OS PRIVILEGE.

 

APAR status

  • Closed as program error.

Error description

  • On Windows, db2fmp process is running with OS privilege.
    This problem was reported to IBM by Cesar Cerrudo of
    Application Security Inc.

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    DB2 v9.5 on all Windows platforms
    ****************************************************************
    PROBLEM DESCRIPTION:
    On Windows, db2fmp process is running with OS privilege.
    This problem was reported to IBM by Cesar Cerrudo of
    Application Security Inc.
    ****************************************************************
    RECOMMENDATION:
    Upgrade to DB2 v9.5 FP2
    Please refer to Technote "OS permission of db2fmp process on
    Windows" (Reference # 7013059)
    http://www-01.ibm.com/support/docview.wss?rs=0&context=SWB30&dc=
    DA400&q1=7013059&uid=swg27013059&loc=en_US&cs=utf-8&cc=us&lang=e
    n
    ****************************************************************

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    JR30227

  • Reported component name

    DB2 UDB ESE WIN

  • Reported component ID

    5765F4101

  • Reported release

    950

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-08-14

  • Closed date

    2008-09-05

  • Last modified date

    2008-09-05

  • APAR is sysrouted FROM one or more of the following:

    JR30026

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDB ESE WIN

  • Fixed component ID

    5765F4101

Applicable component levels

  • R950 PSN

       UP

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"950","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
05 September 2008