Fixes are available
DB2 Version 9.1 Fix Pack 4a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 4 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 7 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 5 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 6 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 6a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 7a for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 8 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 9 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 10 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 11 for Linux, UNIX and Windows
DB2 Version 9.1 Fix Pack 12 for Linux, UNIX and Windows
APAR status
Closed as program error.
Error description
A vulnerability exists in several set-uid DB2 binaries that can be exploited by a local user. The vulnerability allows a local user to create directory as root on the system through the use of symbolic links. This problem does not affect Windows systems
Local fix
Problem summary
SEE PROBLEM DESCRIPTION
Problem conclusion
first fixed in DB2 UDB version 9 fixpak 4
Temporary fix
Comments
APAR Information
APAR number
IZ07018
Reported component name
DB2 EDE AIX
Reported component ID
5724N7600
Reported release
910
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2007-10-22
Closed date
2008-02-11
Last modified date
2008-02-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
IZ07225 IZ07226 IZ07227 IZ07228 IZ07229 IZ07232
Fix information
Fixed component name
DB2 EDE AIX
Fixed component ID
5724N7600
Applicable component levels
R950 PSY
UP
Document Information
Modified date:
07 January 2022