PT-2009-6449 · Ibm · Ibm Db2
Published
2009-12-16
·
Updated
2010-06-29
·
CVE-2009-4326
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM DB2 versions 9.5 before FP5
IBM DB2 versions 9.7 before FP1
Description
The issue is related to the RAND scalar function in the Common Code Infrastructure component. When the Database Partitioning Feature (DPF) is used, it produces repeating return values. This could allow attackers to predict a value and defeat protection mechanisms based on randomization.
Recommendations
For IBM DB2 version 9.5, update to FP5 or later to resolve the issue.
For IBM DB2 version 9.7, update to FP1 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2