Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a 3RD PARTY Unsafe deserialization

Summary

Unsafe deserialization in DB2 JDBC driver

Vulnerability Details

The Db2 JDBC driver deserializes the contents of /tmp/connlicj.bin (default path, this is configurable), which leads to object injection and potentially arbitrary code execution depending on the classpath.

CVEID:CVE-2017-1677
**DESCRIPTION:*IBM Data Server Driver for JDBC and SQLJ deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133999&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

DB2Connect 9.5

DB2Connect 9.7

DB2Connect 10.1

DB2Connect 10.5

DB2Connect 11.1

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation / First Fix

—|—|—|—
DB2Connect | V11.1 M2FP2 SB | IT23592 | JCC version 3.72.41/4.23.48
See workaround or contact support
DB2Connect | V10.5 FP9 SB | IT23591 | JCC version 3.69.75/4.19.76
See workaround or contact support
DB2Connect | V10.1 FP6 SB | IT23590 | JCC version 3.65.138/4.15.147
See workaround or contact support
DB2Connect | V9.7 FP11 SB | IT23575 | JCC version 3.64.142/4.14.147
See workaround or contact support
DB2Connect | V9.5 FP10 SB | IT23575 | JCC version 3.64.142/4.14.147
See workaround or contact support

Workarounds and Mitigations

Workaround is to Set db2.jcc.outputDirectory property to a secure location so that driver will write the cache file to the configured location which can not accessed without proper authentication.
Or use the above Special build drivers.