Error description
This APAR completes APAR IY86917.
A malicious CONNECT data stream sent to a DB2 server from V7 client may cause instance crash, resulting in a denial of service.
The vulnerability is caused due to a NULL pointer dereference error within “sqle_db2ra_as_recvrequest” and can be exploited to crash the DB2 instance via a specially crafted SQLJRA packet.
Local fix
Disable or restrict remote access to the database server. Disable the DB2 TCP/IP listener if not required (set SVCENAME to NULL in the database manager configuration), or use a firewall to restrict connections to the DB2 TCP/IP listener port.
IBM has agreed to acquire Vallent Corp., a supplier of network performance monitoring and service management software. The terms of the deal which where announced yesterday by IBM, were not disclosed.
IBM was awarded $863 million in a contract in Texas serving 27 state agencies. The contract is expected to save Texas $25 million in 2008-2009 and $159 million over its lifetime.
IBM will produce a tape with increased capacity to it’s product line. The new tape, called IBM System Storage 3599 can store 40% more data at 700G bytes total capacity. The cartridges will be available Jan. 26, 2007, for US $5,400 a pack. Each pack will contain 20 tapes.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jan | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | |||
21 queries. 0.868 seconds
