Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2005 > NGSSoftware Security Advisory: IBM's DB2 Universal Database Version 8.1 and earlier.

February 2005

NGSSoftware Security Advisory: IBM's DB2 Universal Database Version 8.1 and earlier.

ID: 00137
Ref: 120/2005
Date: 14 February 2005:15:39:57
Version: 1
Title: NGSSoftware Security Advisory: IBM's DB2 Universal Database Version 8.1 and earlier.
Abstract: Researchers at NGSSoftware have discovered a high risk vulnerability in IBM's DB2 Universal Database Version 8.1 and earlier. IBM has just released Fixpak 8 for DB2 UDB 8.1 which addresses the security flaw
Vendors affected: NGSSoftware
Operating systems affected: NGSSoftware
Applications affected: NGSSoftware
Title
=====

NGSSoftware Security Advisory: IBM's DB2 Universal Database Version 8.1
and earlier.

Detail
======

Researchers at NGSSoftware have discovered a high risk vulnerability in
IBM's DB2 Universal Database Version 8.1 and earlier.
IBM has just released Fixpak 8 for DB2 UDB 8.1 which addresses the
security flaw


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Researchers at NGSSoftware have discovered a high risk vulnerability in
IBM's DB2 Universal Database Version 8.1 and earlier.

IBM has just released Fixpak 8 for DB2 UDB 8.1 which addresses the
security flaw

http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html


NGSSoftware are going to withhold details about this flaw for three months.
Full details will be published on the 9th of May 2005. At that time an
updated advisory will be published at

http://www.ngssoftware.com/advisories/db2-09-05-05.htm

No updated advisory will be posted to the security mailing lists.


This three month window will allow DB2 database administrators the time
needed to test and apply the Fixpak before the details are released to
the general public. This reflects NGSSoftware's new approach to responsible
disclosure.

NGSSQuirreL for DB2, NGSSoftware's advanced vulnerability assessment scanner
and security manager for IBM DB2, has been updated to check for and positively
identify this flaw in DB2 database servers on the network. More information
about NGSSQuirreL for DB2 can be found at http://www.nextgenss.com/db2.htm

NGSSoftware Insight Security Research
http://www.databasesecurity.com/ http://www.nextgenss.com/
+44(0)208 401 0070

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQgqHloLrzlkFLkKmEQKnewCcDwK0iXwZv5RLx9cO/imV9zc5MnoAoIDk
rbubr30cxidFoYnE+yGO1o56
=2qbO
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |