IBM issues fix for DB2 UDB flaw

IBM fixed a security flaw in its DB2 Universal Database product this week. The moderately severe vulnerability is found in DB2 UDB versions running on Linux, Windows and Unix.

IBM plugged a security flaw in IBM's DB2 Universal Database this week.

The vulnerability, which could allow people already with access to the database to elevate their privileges, is only found in DB2 Universal Database for Linux, Windows and Unix, IBM said in a security advisory. Specifically, DB2 Universal Database version 8.1.4 through 8.1.9 and version 8.2.0 through 8.2.2 are affected.

For more information


DB2 V8 = better security

Featured Topic: Physical security
 

z/OS versions are not affected but companies running DB2 Universal Database for Linux on the mainframe are vulnerable.

The following products have the flaw: DB2 UDB Enterprise Server Edition, DB2 UDB Workgroup Server (all Editions), DB2 UDB Express Server (all Editions) and DB2 UDB Personal Edition.

According to the French Security Incident Response Team, a security research firm, the flaw could allow database users access to insert, update or delete contents of certain tables even if they don't have the privileges to do so. The flaw's potential for widespread exploit by something like a worm or malicious hackers is virtually nil because it cannot be remotely exploited by attackers.

Companies should, however, consider patching their systems sooner rather than later. IBM has created a fix for the flaw. Users would need to install a FixPak. To determine, whether you are affected or to download the proper FixPak, click here.

Dig deeper on IBM DB2 management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchBusinessAnalytics

SearchAWS

SearchContentManagement

SearchOracle

SearchSAP

SearchSOA

SearchSQLServer

Close