-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2010.0780.3
         Security Vulnerabilities and HIPER APARs fixed in DB2 for
                         Linux, UNIX, and Windows
                             1 September 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           DB2
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Overwrite Arbitrary Files       -- Existing Account            
                   Provide Misleading Information  -- Remote/Unauthenticated      
                   Denial of Service               -- Remote with User Interaction
                   Unauthorised Access             -- Remote/Unauthenticated      
                   Reduced Security                -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-3197 CVE-2010-3196 CVE-2010-3195
                   CVE-2010-3194 CVE-2010-3193 CVE-2010-0462
                   CVE-2009-3555  

Reference:         ASB-2010.0033.2
                   ASB-2009.1125.2

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21426108
   http://www-01.ibm.com/support/docview.wss?uid=swg21444772

Revision History:  September  1 2010: Added additional CVEs
                   September  1 2010: Added CVE reference
                   August    30 2010: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and 
Windows Version 9.1 Fix Pack 9
 Flash (Alert)
 
Abstract
Fix Pack 9 for DB2 V9.1 is now available which includes fixes for some security 
vulnerabilities and HIPER APARs. These fixes, where applicable, are also 
available in Fix Pack 6 for DB2 Version 9.5 and Fix Pack 2 for DB2 Version 9.7.

IBM recommends that you review the APAR descriptions and deploy one of the 
above fix packs to correct them on your affected DB2 installations.
 
Content
A set of security vulnerabilities was discovered in some DB2 database products. 
These vulnerabilities were analyzed by the DB2 development organization and a 
set of corresponding fixes was created to address the reported issues.
The affected DB2 UDB for Linux, UNIX, and Windows products are:

    * DB2 Enterprise Server Edition
    * DB2 Workgroup Server (all Editions)
    * DB2 Express Server (all Editions)
    * DB2 Personal Edition
    * DB2 Connect Server (all Editions)


DB2 Client component and DB2 products or components other than those listed 
above are not affected.

Due to the complexity of the fixes required to eliminate the reported service 
issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 
9.1, DB2 Version 9.5 and DB2 Version 9.7 fix packs.

The specifics of the Security APARs incorporated into the above DB2 fix packs 
can be found in the following table:


Security APARs



V9.1    V9.5    V9.7    ABSTRACT
FP9     FP6     FP2
	
IZ46773	IZ46774	IC63548	SECURITY APAR: MODIFIED SQL DATA table function is not 
                        dropped when definer loses required privileges to 
                        maintain the objects.

IC65408	IC65703	IC65742	SECURITY: VULNERABILITY IN DB2STST.

IC65749 IC65756 IC65762	Security: DB2DART CAN OVERWRITE FILES OWNED BY THE 
                        INSTANCE OWNER.

IC65922	IC65933	IC65935	SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462)

IC66099	IC66642	IC66643	Security: Special group and user enumeration on Windows 
                        2008 could trap the server.

IC67848	IC68054	IC68055	SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE 
                        RENEGOTIATION WEAK SECURITY CVE-2009-3555


In addition to the Security APARs, here is a list of HIPER APARs included in 
these fix packs of which you should be aware.


HIPER APARs

V9.1    V9.5    V9.7    ABSTRACT
FP9     FP6     FP2

IZ62236	IC63414 IC63415 OUTER JOIN OPERATION MAY RETURN INCORRECT RESULTS WITH  
(in FP5)	(in FP1)A PREDICATE WITH A SUBQUERY RETURNING NOT MORE THAN 
                        ONE ROW
	
IZ55549	IZ55987 IC62219 DYNAMIC SQL STATEMENTS WITH HOST VARIABLES, USING A  
(in FP5)	(in FP1)REOPT ALWAYS OPTIMIZER GUIDELINE, MAY RETURN WRONG 
                        RESULTS
	
IZ70791	IZ70790	N/A	INCORRECT RESULTS ARE RETURNED WHEN SELECT DISTINCT 
                        SUBQUERY IS ROUTED TO MATERIALIZED QUERY TABLES (MQT)

IC65432	IC65445	N/A	LOAD FROM CURSOR FROM A TABLE WITH LOB COLUMN IN DPF 
                        ENVIRONMENT MIGHT LOAD WRONG RESULTS IN THE TARGET 
                        TABLE LOB COLUMN



DB2 fix packs for all supported versions can be downloaded at the following 
site: http://www.ibm.com/support/docview.wss?rs=71&uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes 
for newly discovered issues along with information that helps our customers 
to decide on an appropriate course of action. The DB2 team regrets the 
inconvenience that these issues are causing to you, our customers. We believe 
that our actions are the most prudent steps to address your concerns and 
remain open to suggestions on how to further improve our processes.

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business 
Machines Corp., registered in many jurisdictions worldwide. Other product 
and service names might be trademarks of IBM or other companies. A current 
list of IBM trademarks is available on the Web at "Copyright and trademark 
information" at www.ibm.com/legal/copytrade.shtml.

- -------------------------------------------------------------------------------

Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and 
Windows Version 9.5 Fix Pack 6
 Flash (Alert)
 
Abstract
Fix Pack 6 for DB2 V9.5 is now available which includes fixes for some 
security vulnerabilities and HIPER APARs. These fixes, where applicable, are 
also available in Fix Pack 9 for DB2 Version 9.1 and Fix Pack 2 for DB2 
Version 9.7.

IBM recommends that you review the APAR descriptions and deploy one of the 
above fix packs to correct them on your affected DB2 installations.
 
 
Content
A set of security vulnerabilities was discovered in some DB2 database products. 
These vulnerabilities were analyzed by the DB2 development organization and a 
set of corresponding fixes was created to address the reported issues. IBM is 
not currently aware of any externally reported incidents where production DB2 
installations have been compromised due to these issues.
The affected DB2 UDB for Linux, UNIX, and Windows products are:

    * DB2 Enterprise Server Edition
    * DB2 Workgroup Server (all Editions)
    * DB2 Express Server (all Editions)
    * DB2 Personal Edition
    * DB2 Connect Server (all Editions)


DB2 Client component and DB2 products or components other than those listed 
above are not affected.

Due to the complexity of the fixes required to eliminate the reported service 
issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 
9.1, DB2 Version 9.5 and DB2 Version 9.7 fix packs.

The specifics of the Security APARs incorporated into the above DB2 fix packs 
can be found in the following table:


HIPER APARs

V9.1    V9.5    V9.7    ABSTRACT
FP9     FP6     FP2	

IZ70791	IZ70790		INCORRECT RESULTS ARE RETURNED WHEN SELECT DISTINCT 
                        SUBQUERY IS ROUTED TO MATERIALIZED QUERY TABLES (MQT)

IC65432	IC65445		LOAD FROM CURSOR FROM A TABLE WITH LOB COLUMN IN DPF 
                        ENVIRONMENT MIGHT LOAD WRONG RESULTS IN THE TARGET 
                        TABLE LOB COLUMN

	IC62125	IC62126	Multi-threaded non-Java application either crashes or 
                        has code page conversion issues such as truncation of 
                        data

	IC62742	IC64092 THE ROUND SQL FUNCTION CAN RETURN THE WRONG RESULT ON 
                        A DECFLOAT INPUT VALUES OF Infinity/-Infinity

	IZ70080		Tablespace corruption due to IN-MEMORY POOL CONTROL 
                        BLOCK OUT OF SYNCH WITH POOL PAGE 0 IN REGARDS TO 
                        LAST INITIALIZED SMP EXTENT



DB2 fix packs for all supported versions can be downloaded at the following 
site: http://www.ibm.com/support/docview.wss?rs=71&uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes 
for newly discovered issues along with information that helps our customers to 
decide on an appropriate course of action. The DB2 team regrets the 
inconvenience that these issues are causing to you, our customers. We believe 
that our actions are the most prudent steps to address your concerns and remain 
open to suggestions on how to further improve our processes.

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFMfa9X/iFOrG6YcBERAvAAAKDHOKGhUKyCyVPUjlLM+GSKCsyVoQCgs/pf
vrgb4LfSvLo+wLuFekoI89U=
=5bdQ
-----END PGP SIGNATURE-----