CVE-2009-4326

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.5 before FP5 IBM DB2 versions 9.7 before FP1

Description The issue is related to the RAND scalar function in the Common Code Infrastructure component. When the Database Partitioning Feature (DPF) is used, it produces repeating return values. This could allow attackers to predict a value and defeat protection mechanisms based on randomization.

Recommendations For IBM DB2 version 9.5, update to FP5 or later to resolve the issue. For IBM DB2 version 9.7, update to FP1 or later to resolve the issue.