CVE-2012-0709
Priority
Medium
Description
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not
properly check variables, which allows remote authenticated users to bypass
intended restrictions on viewing table data by leveraging the CREATEIN
privilege to execute crafted SQL CREATE VARIABLE statements.
properly check variables, which allows remote authenticated users to bypass
intended restrictions on viewing table data by leveraging the CREATEIN
privilege to execute crafted SQL CREATE VARIABLE statements.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0709
http://xforce.iss.net/xforce/xfdb/73493
http://www-01.ibm.com/support/docview.wss?uid=swg21588100
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387
http://xforce.iss.net/xforce/xfdb/73493
http://www-01.ibm.com/support/docview.wss?uid=swg21588100
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387
Notes
jdstrand> no fix available for 9.7, but there is a mitigation. See IBM
support documentation.
support documentation.
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | deferred |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | deferred |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |