===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.1005
 Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2
                 for Linux, UNIX, and Windows Version 9.7
                              19 October 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           DB2 Enterprise Server Edition
                   DB2 Workgroup Server (all Editions)
                   DB2 Express Server (all Editions)
                   DB2 Personal Edition
                   DB2 Connect Server (all Editions)
Publisher:         IBM
Operating System:  Windows
                   Linux variants
                   AIX
                   HP-UX
                   Solaris
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
                   Reduced Security                -- Unknown/Unspecified   
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-4826 CVE-2012-2197 CVE-2012-2196
                   CVE-2012-2194 CVE-2010-0472 CVE-2010-0462
                   CVE-2009-3555  

Reference:         ESB-2012.0884
                   ESB-2012.0678
                   ASB-2011.0031
                   ASB-2010.0132
                   ASB-2010.0112
                   ASB-2009.1143
                   ASB-2010.0033.2

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21450666

--------------------------BEGIN INCLUDED TEXT--------------------

Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for
Linux, UNIX, and Windows Version 9.7

Flash (Alert)

Document information

DB2 for Linux, UNIX and Windows

Software version:
9.7

Operating system(s):
AIX, HP-UX, Linux, Solaris, Windows

Reference #:
1450666

Modified date:
2012-10-18

Abstract

This document contains a list of fixes for Security and HIPER APARs in DB2
Version 9.7

IBM® recommends that you review the APAR descriptions and deploy one of the
above fix packs to correct them on your affected DB2 installations.

Content

A set of security vulnerabilities was discovered in some DB2 database products.
These vulnerabilities were analyzed by the DB2 development organization and a
set of corresponding fixes was created to address the reported issues. IBM is
not currently aware of any externally reported incidents where production DB2
installations have been compromised due to these issues.

The affected DB2 for Linux, UNIX, and Windows products are:

    DB2 Enterprise Server Edition
    DB2 Workgroup Server (all Editions)
    DB2 Express Server (all Editions)
    DB2 Personal Edition
    DB2 Connect Server (all Editions)


DB2 Client component and DB2 products or components other than those listed
above are not affected.

Due to the complexity of the fixes required to eliminate the reported service
issues, it is not feasible to retrofit the same fixes into earlier DB2 Version
9.7 fix packs.

DB2 Version 9.7 Fix Pack 7
Security APARs
IC84714 	SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY
(CVE-2012-2194).
IC84748 	SECURITY: GET_WRAP_CFG_C AND GET_WRAP_CFG_C2 ALLOWS
UNAUTHORIZED ACCESS XML FILES (CVE-2012-2196).
IC84753 	SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN JAVA STORED
PROCEDURE INFRASTRUCTURE (CVE-2012-2197).
IC86781 	SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN SQL/PERSISTENT
STORED MODULES DEBUGGING INFRASTRUCTURE (CVE-2012-4826).

HIPER APARs
IC83578 	XQUERY MIGHT RETURN INCORRECT RESULTS WHEN BOTH 'AND' AND 'OR'
PREDICATES EXIST AND ALL PREDICATES CAN BE APPLIED TO XML INDEXES
IC83976 	WITH REOPT ENABLED, STATEMENTS CONTAINING ARRAY OR ROW
VARIABLES MIGHT PRODUCE INCORRECT OUTPUT
Special Attention APARs
IC83608 	SQL WITH NESTED MATH OPERATIONS ON COLUMNS THAT ARE DEFINED
WITH NOT NULL AND USING FUNCTIONS MAY RETURN DIFFERENT RESULTS.
IC84764 	INDEX CORRUPTION MAY BE INTRODUCED DURING A DATABASE UPGRADE TO
DB2 VERSION 9.7
IC85196 	CREATING A UNIQUE GLOBAL INDEX ON A TABLE WITH DETACHED
PARTITION AND DEPENDANT MQT MIGHT LEAD TO INCORRECT RESULT AFTER REFRESH
IC85422 	QUERY WITH A UNION AND TWO CORRELATED BRANCHES MIGHT RETURN
INCORRECT RESULTS IN PARTITIONED DATABASE ENVIRONMENTS
IC85433 	BATCH INSERTS CAUSING DUPLICATE ROWS WHEN USING NULLIDRA
(REOPT=ALWAYS) VS. NULLIDR1 (REOPT=ONCE)

DB2 Version 9.7 Fix Pack 6
Security APARs
IC79274 	SECURITY: DB2 ESCALATION OF PRIVILEGE VULNERABILITY
IC80729 	SECURITY: REMOTE ESCALATION OF PRIVILEGE VULNERABILITY IN DAS.
IC81380 	SECURITY: DENIAL OF SERVICE SECURITY VULNERABILITY IN DB2'S XML
FEATURE.
IC81390 	SECURITY: UNAUTHORIZED ACCESS TO TABLES
IC81462 	SECURITY: UNAUTHORIZED ACCESS TO XML FILES IN DB2'S XML FEATURE
IC82234 	SECURITY: DB2 DENIAL OF SERVICE VULNERABILITY IN THE DRDA
COMPONENT.
HIPER APARs
IC81066 	WITH FILE SYSTEM CACHING ENABLED, SYSTEM OUTAGE MIGHT RESULT IN
CORRUPTION DURING LOB OR REORG PROCESSING
IC82403 	CRASH RECOVERY OR ROLL FORWARD OPERATION MIGHT FAIL WHEN
CERTAIN LOG RECORDS ARE REPLAYED ON A TABLE WITH COMPRESSION ENABLED
Special Attention APARs
IC79727 	QUERIES WITH LIKE OPERATORS MIGHT RETURN INCORRECT RESULTS DUE
TO AN INVALID HIGHEST PADDING CHARACTER
IC80394 	CHANCES OF MEMORY LEAK INTRODUCED IN VERSION 9.7 FIX PACK 5
IC80456 	LIKE CLAUSES MIGHT RETURN INCORRECT RESULTS FOR COLUMNS WITH
VARCHAR DATA TYPE IN UNICODE DATABASES
IC81388 	FAILED ONLINE LOAD WITH INDEX REBUILD CAN LEAD TO MISMATCH
BETWEEN TABLE AND INDEX
IC81466 	WITH FILE SYSTEM CACHING ENABLED, SYSTEM OUTAGE DURING LOAD
PROCESSING MIGHT RESULT IN CORRUPTION
IC82348 	DATABASE CAN BE MARKED BAD DURING RECOVERY OR HADR REPLAY WHEN
XML DATA IS IN THE TABLE
IC82921 	INCORRECT RESULTS AFTER LOADING A TABLE WITH CONSTRAINTS
FOLLOWED BY RUNNING ALTER TABLE STATEMENT WITH ATTACH OR DETACH OPTIONS

DB2 Version 9.7 Fix Pack 5
Security APARs
IC70473 	SECURITY: POTENTIAL TRAP WITH STMM ENABLED AND DATABASE_MEMORY
SET TO AUTOMATIC
IC76901 	SECURITY: REMOTE DENIAL OF SERVICE OF DB2 SERVER.
HIPER APARs
IC78251 	ADMIN_MOVE_TABLE PROCEDURE RETURNS SQL0969N, SQL1188N or
SQL0408N ERROR CODE
IC77502 	TRANSACTION LOG CORRUPTION DUE TO ENTERING A TIMING HOLE UPON
RECEIVING AN INTERRUPT DURING CRASH RECOVERY
IC77510 	CLI FUNCTIONS RETURN SQL_SUCCESS EVEN WHEN
SQL_ATTR_INSERT_BUFFERING = SQL_ATTR_INSERT_BUFFERING_IGD and INSERT COMMAND
FAILS
IC77439 	POSSIBLE INCORRECT RESULTS FROM A GROUP OF LEFT JOIN, INNER
JOIN, AND COALESCE EXPRESSION IN AN ON PREDICATE
IC77337 	INCORRECT OUTPUT MIGHT BE RETURNED BY A QUERY WITH PARTITION
ELIMINATION INVOLVING MULTIPLE COLUMNS AND NON-CONSTANT KEYS
IC76792 	BAD PAGE HEADER ENCOUNTERED BY PREFETCHER DURING ONLINE BACKUP
ON LINUX PLATFORM. BACKUP IMAGE MAY BE CORRUPTED.
IC76679 	INCORRECT RESULTS ARE RETURNED IF AN SQL QUERY CONTAINS RID(),
RID_BIT() or ROWID
IC76116 	INCORRECT RESULTS OBTAINED WHEN USING VARCHAR_FORMAT (TO_CHAR)
TO CONVERT NUMERIC VALUES TO FORMATTED STRINGS
Special Attention APARs
IC76415 	SQL30021 MESSAGE STATING 'MANAGER "0X1440" AT LEVEL "9" NOT
SUPPORTED' IS RETURNED WHILE CONNECTING TO HOST VIA SEPARATE GATEWAY


DB2 Version 9.7 Fix Pack 4
Security APARs
IC72119 	Users able to update statistics for tables without appropriate
privileges	
IC71375 	SECURITY: User continues to have privilege to execute a non-DDL
statement after role membership has been revoked from its group
HIPER APARs
IC75037 	AFTER LOAD INSERT INTO MDC+RP (RANGE PARTITIONED) TABLE, SET
INTEGRITY MAY SILENTLY FAIL TO VALIDATE ROWS AGAINST CONSTRAINTS
IC74244 	NESTED-LOOP JOIN WITH EARLYOUT FOR GROUPBY CLAUSES, YIELDS
INCORRECT RESULTS WHEN JOIN COLUMNS ARE OF DIFFERENT DATA TYPES
IC72698 	INCORRECT RESULTS OR "SQL204N TABLE NOT FOUND" ERROR RETURNED
WHEN SELECTING FROM VIEW.
Special Attention APARs
IC73163 	HIGH MEMORY ALLOCATION WHILE PROCESSING TABLE QUEUE ( TQ )
SPILLS ON DPF SYSTEMS


DB2 Version 9.7 Fix Pack 3a
HIPER APARs
IC70959 	INSERT OR UPDATE WITH INDEX COMPRESSION MAY CAUSE MEMORY
CORRUPTION AND CRASH
IC69772 	POTENTIAL CORRUPTION WHEN REPLAYING LOG RECORDS THAT INSERT
KEYS INTO AN INDEX AND TRIGGER PAGE SPLITS


DB2 Version 9.7 Fix Pack 3
Security APARs
IC68015 	SECURITY: FUNCTIONS ARE NOT INVALIDATED NOR DROPPED EVEN WHEN
THE OWNER LOSES SUFFICIENT PRIVILEGE TO ACCESS UNDERLYING OBJECTS.	
IC70406 	SECURITY: UPDATE AGAINST A TABLE VIA A COMPOUND SQL (COMPILED)
STATEMENT MAY BE EXECUTED BY USER WITHOUT REQUIRED PRIVILEGE
IC70539 	SECURITY: REMOTE BUFFER OVERFLOW VULNERABILITY IN DB2
ADMINISTRATIVE SERVER
IC72029 	SECURITY: DB2 DAS REMOTE CODE EXECUTION VULNERABILITY
HIPER APARs
IC71241 	Possible incorrect result on recursive views which joins to a
table on a unique column
Special Attention APARs
IC70482 	OCCURRENCE OF INSTANCE CRASH WITH SIGNAL 11


DB2 Version 9.7 Fix Pack 2
Security APARs
IC67008 	SECURITY: SYSTEM GRANTED PRIVILEGES NOT REGENERATED ON VIEWS
WHEN AUTO_REVAL IS SET TO IMMEDIATE	
IC67819 	SECURITY: MONITOR ADMINISTRATIVE VIEWS IN SYSIBMADM SCHEMA ARE
VIEWABLE BY PUBLIC.
IC63548 	SECURITY APAR: MODIFIED SQL DATA table function is not dropped
when definer loses required privileges to maintain the objects.
IC65742 	SECURITY: VULNERABILITY IN DB2STST.
IC65762 	Security: DB2DART CAN OVERWRITE FILES OWNED BY THE INSTANCE
OWNER.
IC65935 	SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462)
IC68762 	SECURITY: THE TIVOLI MONITORING AGENT (KUDDB2) FOR DB2 HAS DOS
VULNERABILITY. (CVE-2010-0472)
IC66643 	Security: Special group and user enumeration on Windows 2008
could trap the server.
IC68055 	SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE
RENEGOTIATION WEAK SECURITY CVE-2009-3555
IC66815 	SECURITY: User continues to have privilege to execute a non-DDL
statement after their DBADM authority has been revoked.
HIPER APARs
IC66358 	DELETE NOT REMOVING DATA FROM MDC TABLE.
IC65446 	LOAD FROM CURSOR FROM A TABLE WITH LOB COLUMN IN DPF
ENVIRONMENT MIGHT LOAD WRONG RESULTS IN THE TARGET TABLE LOB COLUMN
IC65328 	In DB2 V9.7 FP1 ONLINE BACKUP MAY FAIL WITH SQL2048 RC = 5,
ERROR RAISED IN SQLUBRESIZEBUFSPACE PROBE 472 or it may hang.
IC64864 	DELETING DATA FROM MULTIDIMENSIONAL CLUSTERED (MDC) TABLES
RETURNS INACCURATE RESULTS DUE TO DEFERRED ROLLOUT PROCESSING
IC62126 	Multi-threaded non-Java application either crashes or has code
page conversion issues such as truncation of data
IC64092 	THE ROUND SQL FUNCTION CAN RETURN THE WRONG RESULT ON A
DECFLOAT INPUT VALUES OF Infinity/-Infinity


DB2 Version 9.7 Fix Pack 1
Security APARs
IC64759 	DASAUTO COMMAND CAN BE RUN BY NON-PRIVILEGED USERS	
IC62502 	Security: db2licm utility vulnerability
IC63525 	SECURITY: Remote exploits of DB2 provided routines.
IC63302 	Security: Manipulation of db2ra data stream of Load utility
request can cause seg fault.
IC64852 	SECURITY: SEQUENCE OR GLOBAL VARIABLE CAN BE USED WITHOUT THE
APPROPRIATE PRIVILEGE
IC63959 	INCORRECT FILE PERMISSION AND AUTHORIZATION FOR HA SCRIPTS WHEN
INSTALLED VIA V9.5.
IC64325 	In a rare case, calling a SQL stored procedure could cause the
DB2 server to trap
IC64853 	VISIBILITY OF PASSWORDS IN SET ENCRYPTION PASSWORD STATEMENT AS
SEEN VIA GET SNAPSHOT DYNAMIC SQL
IC68055 	SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE
RENEGOTIATION WEAK SECURITY CVE-2009-3555
	Security: DB2 instance terminates abnormally while compiling a SQL
query
HIPER APARs
IC61886 	VERSION 9.7 DATABASE UPGRADE MAY CREATE A CORRUPTED LOG CONTROL
FILE
IC62219 	DYNAMIC SQL STATEMENTS WITH HOST VARIABLES, USING A REOPT
ALWAYS OPTIMIZER GUIDELINE, MAY RETURN WRONG RESULTS
IC62771 	INDEX COMPRESSION CAN RESULT IN A CORRUPTED INDEX
IC64066 	Incorrect result with multiple IN list to join (GENROW) plans
via transitivity on SMP and MPP environment
IC62088 	LOAD UTILITY MAY MARK A ROW BIT INCORRECTLY CAUSING INDEX SCAN
TO RETURN INCORRECT RESULTS
IC63415 	OUTER JOIN OPERATION MAY RETURN INCORRECT RESULTS WITH A
PREDICATE WITH A SUBQUERY RETURNING NOT MORE THAN ONE ROW
IC63668 	INCORRECT RESULTS WHEN ORDERED COLUMN GROUP OR PREDICATE CAN BE
USED AS INDEX KEYS
IC64767 	ALTER BUFFERPOOL REDUCE OR STMM MAY HANG IF SET WRITE SUSPEND
HAD BEEN ISSUED
IC64541 	SQLSETSTMTATTRW(SQL_ATTR_CHAINING_END) RETURNS 0, EVEN WHEN ONE
OF THE PREVIOUS CHAINED STATEMENTS FAILED
IC64462 	UPDATE/DELETE OPERATION FROM A TABLE AFTER ONLINE TABLE MOVE
CAUSES DB2 TO CRASH


DB2 fix packs for all supported versions can be downloaded at the following
site: http://www.ibm.com/support/docview.wss?uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes
for newly discovered issues along with information that helps our customers to
decide on an appropriate course of action. The DB2 team regrets the
inconvenience that these issues are causing to you, our customers. We believe
that our actions are the most prudent steps to address your concerns and remain
open to suggestions on how to further improve our processes.

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines
Corp., registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information" at
www.ibm.com/legal/copytrade.shtml.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================