[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: vulnerability issue for DB2 express

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Fwd: vulnerability issue for DB2 express
From: shatter@xxxxxxxxxxxxx
Date: Mon, 18 Nov 2013 19:06:49 GMT

This was a bug in the DB2 code and was fixed by IBM long ago.
Both, v6 and v7 of DB2 are very old and out of support versions. Even if you 
apply the Fix Packs mentioned below you will still have many other security 
vulnerabilities in the system.
My recommendation is to plan on upgrading the DB2 server to a newer version of 
DB2 that is still supported by IBM.

For DB2 version 6.1, this was fixed in FixPak 8. You can download this FixPak 
from 
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us

For DB2 version 7.x, this was fixed in FixPak 3. This FixPak can be downloaded 
from 
http://www-306.ibm.com/software/data/db2/udb/support/downloadv7.html

You can also find some more information here:
http://www.teamshatter.com/threat-finder/519-ibm-db2-datevarchar-dos/

Prev by Date: [OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass
Next by Date: [SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities
Previous by thread: Fwd: vulnerability issue for DB2 express
Next by thread: XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3
Index(es):
- Date
- Thread