A vulnerability in IBM DB2 could allow a remote, authenticated user to cause a DB2 LUW server to terminate all connections to a database and deactivate the database. This only affects the database which the user is connected to.
Affected product(s) and affected version(s):
The following IBM DB2 V9.7, V10.1 and V10.5 editions running on AIX, Linux, HP, Solaris and Windows:
IBM® DB2® Express Edition
IBM® DB2® Workgroup Server Edition
IBM® DB2® Enterprise Server Edition
IBM® DB2® Advanced Enterprise Server Edition
IBM® DB2® Advanced Workgroup Server Edition
IBM® DB2® Connect™ Application Server Edition
IBM® DB2® Connect™ Enterprise Edition
IBM® DB2® Connect™ Unlimited Edition for System i®
IBM® DB2® Connect™ Unlimited Edition for System z®
The following IBM V9.8 editions running on AIX and Linux:
IBM® DB2® pureScale™ Feature for Enterprise Server Edition
The DB2 Connect products mentioned are affected only if a local database has been created.
The vulnerability is not applicable to DB2 releases before V9.7.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21660041
X-Force Database: http://xforce.iss.net/xforce/xfdb/89116