Secunia

Some vulnerabilities have been reported in DB2, which potentially can be exploited by malicious users to cause a DoS (Denial of Service) or to bypass certain security restrictions.

1) An error in the handling of SQL query containing constant strings may be exploited to crash DB2 via a specially crafted query.

2) An infinite loop error in the processing of hash joins may be exploited to dump error messages into the db2diag.log file, eventually filling up the file system.

3) An error in the handling of abnormally terminated connections causes orphaned "db2agents" processes to be left behind and consuming CPU resources.

4) An error in the handling of object creation may be exploited by malicious users to create objects based on routines even when the user is not granted execute privilege.

5) An error in the handling of a query with more than 32000 elements in the "in" list, or involving the SYSCAT.TABLES, may be exploited to crash the database instance.

6) An error in the "db2jd" listener service when handling connections from certain clients may be exploited to crash the service.

Solution
The vulnerabilities have been fixed in Version 8 FixPak 10 (Version 8.2 FixPak 3)
Further details available in Customer Area

Provided and/or discovered by
Reported by vendor.

Original Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1IY70808
http://www-1.ibm.com/support/docview.wss?uid=swg1IY70561
http://www-1.ibm.com/support/docview.wss?uid=swg1IY71587
http://www-1.ibm.com/support/docview.wss?uid=swg1IY71865
http://www-1.ibm.com/support/docview.wss?uid=swg1LI70817
http://www-1.ibm.com/support/docview.wss?uid=swg1IY72588
http://www-1.ibm.com/support/docview.wss?uid=swg1JR21329

Deep Links
Links available in Customer Area