Unsafe deserialization in DB2 JDBC driver
The Db2 JDBC driver deserializes the contents of /tmp/connlicj.bin (default path, this is configurable), which leads to object injection and potentially arbitrary code execution depending on the classpath.
CVEID: CVE-2017-1677
**DESCRIPTION:** IBM Data Server Driver for JDBC and SQLJ deserializes the contents of /tmp/connlicj.bin, which leads to object injection and potentially arbitrary code execution depending on the classpath.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133999> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
DB2Connect 9.5
DB2Connect 9.7
DB2Connect 10.1
DB2Connect 10.5
DB2Connect 11.1
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| DB2Connect | V11.1 M2FP2 SB | IT23592 | JCC version 3.72.41/4.23.48. See workaround or contact support |
| DB2Connect | V10.5 FP9 SB | IT23591 | JCC version 3.69.75/4.19.76. See workaround or contact support |
| DB2Connect | V10.1 FP6 SB | IT23590 | JCC version 3.65.138/4.15.147. See workaround or contact support |
| DB2Connect | V9.7 FP11 SB | IT23575 | JCC version 3.64.142/4.14.147. See workaround or contact support |
| DB2Connect | V9.5 FP10 SB | IT23575 | JCC version 3.64.142/4.14.147. See workaround or contact support |
Workaround: set the db2.jcc.outputDirectory property to a secure location so that the driver writes the cache file to the configured location, which cannot be accessed without proper authentication.
Alternatively, use the special build drivers listed above.
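
The workaround only helps if the configured directory really is private to the account running the JVM. The following shell check is an added example, not part of the IBM bulletin or the driver: it audits a candidate directory before it is passed as `db2.jcc.outputDirectory`. The function names are hypothetical, and it assumes the cache file keeps the name `connlicj.bin` inside the configured directory.

```shell
#!/bin/sh
# Added example: audit a directory before using it as db2.jcc.outputDirectory.
# Assumption: the cache file keeps the name connlicj.bin inside that directory.

CACHE_NAME="connlicj.bin"

# Succeeds if the given path grants write access to group or other.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_jcc_output_dir DIR
# Returns 0 when only the current user can plant or replace the cache file.
check_jcc_output_dir() {
    dir=$1
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory" >&2; return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "FAIL: $dir is not owned by the current user" >&2; return 1
    fi
    if loosely_writable "$dir"; then
        echo "FAIL: $dir is writable by group or other" >&2; return 1
    fi
    cache="$dir/$CACHE_NAME"
    if [ -e "$cache" ] || [ -L "$cache" ]; then
        # A pre-existing file is exactly what the driver would deserialize.
        if [ -L "$cache" ] || [ ! -f "$cache" ] || [ ! -O "$cache" ] \
           || loosely_writable "$cache"; then
            echo "FAIL: untrusted $cache already present" >&2; return 1
        fi
    fi
    return 0
}

# jcc_output_flag DIR
# Prints the JVM system-property option for DIR, only after it passes the audit.
jcc_output_flag() {
    check_jcc_output_dir "$1" || return 1
    printf '%s\n' "-Ddb2.jcc.outputDirectory=$1"
}
```

The check covers the directory and the cache file only; parent directories that other users can rename or replace need the same review.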