IBM issues fix for DB2 UDB flaw

Edward Hurley, Editor

IBM plugged a security flaw in IBM's DB2 Universal Database this week.

The vulnerability, which could allow people already with access to the database to elevate their privileges, is only found in DB2 Universal Database for Linux, Windows and Unix, IBM said in a security advisory. Specifically, DB2 Universal Database version 8.1.4 through 8.1.9 and version 8.2.0 through 8.2.2 are affected.

    Requires Free Membership to View

For more information

DB2 V8 = better security

Featured Topic: Physical security

z/OS versions are not affected but companies running DB2 Universal Database for Linux on the mainframe are vulnerable.

The following products have the flaw: DB2 UDB Enterprise Server Edition, DB2 UDB Workgroup Server (all Editions), DB2 UDB Express Server (all Editions) and DB2 UDB Personal Edition.

According to the French Security Incident Response Team, a security research firm, the flaw could allow database users access to insert, update or delete contents of certain tables even if they don't have the privileges to do so. The flaw's potential for widespread exploit by something like a worm or malicious hackers is virtually nil because it cannot be remotely exploited by attackers.

Companies should, however, consider patching their systems sooner rather than later. IBM has created a fix for the flaw. Users would need to install a FixPak. To determine, whether you are affected or to download the proper FixPak, click here.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: