IBM DB2 9.1 Post-Auth Data Stream Trap Vulnerability (APAR IZ39373)

Vulnerability ID: IZ39373 Vulnerability Description: A malicious, malformed data stream sent to a DB2 server can cause the server to trap. However, the malformed data stream is only effective after a valid DB2 authentication has occurred. A regular DB2 client cannot send the malformed data stream under normal or accidental usage. Affected Users: All DB2 servers on Linux, Unix, and Windows platforms at service levels from Version 9.1 GA through Version 9.1 Fix Pack 6. Remediation: The complete fix for this issue first appears in DB2 Version 9.1 Fix Pack 6a and all subsequent Fix Packs. Temporary Workaround: None. Vulnerability Status: Closed Vulnerability Category: Programming Error - Fix provided (PER) Is a Fix Available?: Yes, Fixes are available. Related Documentation: - Product: Db2 Linux, Unix and Windows - Software Version: 9.1.0 - Document Number: DT193296 - Date of Update: August 05, 2023, 08:28 GMT+2 Vulnerability Details: - APAR Number: IZ39373 - Reported Component Name: DB2 UDB ESE AIX - Reported Component ID: 5765F4100 - Reported Component Release: 910 - Fixed Error Type: Fix in Error - PE Type: NoPE - HIPER Level: NoHIPER - Special Attention: NoSpecatt - Submit Date: December 04, 2008 - Closed Date: February 13, 2009 - Latest Update Date: August 05, 2023 - DB2 Version 9.1 Fix Pack 7a for Linux, UNIX and Windows: ibm.com/support/pages/node/305607 - DB2 Version 9.1 Fix Pack 7 for Linux, UNIX and Windows: ibm.com/support/pages/node/576873 - DB2 Version 9.1 Fix Pack 8 for Linux, UNIX and Windows: ibm.com/support/pages/node/305795 - DB2 Version 9.1 Fix Pack 9 for Linux, UNIX and Windows: ibm.com/support/pages/node/306887 - DB2 Version 9.1 Fix Pack 11 for Linux, UNIX and Windows: ibm.com/support/pages/node/310339 - DB2 Version 9.1 Fix Pack 12 for Linux, UNIX and Windows: ibm.com/support/pages/node/311735 - DB2 Version 9.1 Fix Pack 6a for Linux, UNIX and Windows: ibm.com/support/pages/node/576527

Goal Reached Thanks to every supporter — we hit 100%!

IBM DB2 9.1 Post-Auth Data Stream Trap Vulnerability (APAR IZ39373)