VID |
25097 |
Severity |
30 |
Port |
523 |
Protocol |
TCP |
Class |
DB2 |
Detailed Description |
According to its version, the installation of DB2 9.7 on the remote host is affected by one or more of the following issues:
- When privileges on a database object are revoked from PUBLIC, the dependent functions are not marked INVALID. As a result, users with execute privilege on the function are still able to call it successfully. (IC68015)
- If a compound SQL (compiled) statement has been issued by a user that is properly authorized, this is cached in the dynamic SQL cache. Once cached, this same query can be executed by any user if that user has the proper authority. (IC70406)
* References: http://www-01.ibm.com/support/docview.wss?uid=swg1IC68015, http://www-01.ibm.com/support/docview.wss?uid=swg1IC70406
* Platforms Affected: IBM DB2 UDB versions 9.7 FixPack 3; Microsoft Windows Any version; Sun Microsystems, Inc., Solaris SPARC and x86; Hewlett-Packard Company, HP-UX 11i; Linux Any version; IBM AIX 4.0 and 5L |
Recommendation |
For DB2 Universal Database 9.7: Apply the latest IBM DB2 Universal Database Fix Pack (9.7 FixPak 3 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24028306 |
Related URL |
CVE-2010-3474, CVE-2010-3475 (CVE) |
Related URL |
43291 (SecurityFocus) |
Related URL |
(ISS) |
|