CVE-2009-4333 Information

Description

The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.

Reference

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/37759 http://www.securityfocus.com/bid/37332 http://www.vupen.com/english/advisories/2009/3520 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss?uid=swg21412902