I don't know all the details, but it looks like the flaw exists not
directly into the database, but in a component shipped with it, namely
the IBM DB2 JDBC Applet Server Service. As far as I know, this
functionality does not exist in the System i version of DB2. The db2jds
service would run on TCP port 6789, which is not in use on any of our
V5R3, V5R4 machines.
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Thursday, October 18, 2007 3:01 PM
To: midrange-l@xxxxxxxxxxxx; security400@xxxxxxxxxxxx
Cc: chris@xxxxxxxxx; watson@xxxxxxxxx; tbrush@xxxxxxxxx
Subject: DB2UDB hack
This link points to a hack for DB2 UDB on Unix, Linux and Windows. Hey,
if it was only Windows I would leave it at that, but is there a matching
apar for i5/os?