CVE-2012-2194
Priority
Medium
Description
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored
procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8
through FP5, and 10.1 allows remote attackers to replace JAR files via
unspecified vectors.
procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8
through FP5, and 10.1 allows remote attackers to replace JAR files via
unspecified vectors.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2194
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019
Notes
tyhicks> A fix pack for 9.7 is not yet available as of 2012-07-25
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | deferred |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | deferred |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |