top of page
    • Dec 19, 2021
    • 2 min read

Log4j affects some features of IBM Db2 | Check Db2 federation| IBM released FIXes (CVE-2021-44228)

IBM has confirmed several of its major enterprise products are affected by the Log4j bug. The company confirmed that the IBM Db2 Warehouse, which uses Log4j, allowed a remote attacker to execute arbitrary code on the system. Well Log4j is used in the Db2 Federation feature (detected and vulnerable in Db2 version 11.5; IBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected).

IBM has released a special fix pack and mitigation notes for Db2 version 11.5 systems that are vulnerable if certain Federation features are configured. Below are the IBM Links for more details, workarounds, mitigation and download the special build for Log4j bug fix.


Check Federation status.

To determine if Federation is enabled, issue the following:

db2 get dbm cfg | grep FEDERATED

If a value of NO is returned, you are not vulnerable.


If you have Db2 Federation enabled then you can either remove this via db2setup or set the parameter as detailed by IBM. There are some details specific to Db2 11.5:


Fix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured:

Federation:

  • DVM JDBC wrapper driver,

  • NoSQL wrapper driver (for Hadoop),

  • Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)

Now check if you have these wrappers in use.


1) To determine if the DVM JDBC wrapper is in use, issue the following statement:

db2 "select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'"

If a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.

2) To determine if the NoSQL hadoop wrapper is in use, issue the following statement:

db2 "select * from syscat.servers where servertype = 'HDFSPARQUET'"

If 1 or more rows are returned, then NoSQL hadoop wrapper is in use.


3) To determine if the NoSQL Blockchain wrapper is in use, issue the following statement:

db2 "select * from syscat.serveroptions where option='PEER_URL'"

If 1 or more rows are returned, then NoSQL Blockchain wrapper is in use.


If you are running Db2 11.5 and have any of these wrappers in use then a Special Build can be provided by Development Support via a case. Check IBM links mentioned in starting of the Blog.


That's all in this post. If you liked this blog and interested in knowing more about IBM Db2. Please Like, Follow, Share & Subscribe to www.ImJhaChandan.com.

jc_logo.png

Hi, thanks for stopping by!

Welcome! to my “Muse & Learn” blog.

This website will help you to learn useful queries/SQL, Tips to troubleshoot problem and their remediation, perform DB related activities etc... and don't forget to muse with us :)....

It cover few useful information on below topics :
 

MySQL, SQL Server, DB2, Linux/UNIX/AIX, HTML ....

Let the posts
come to you.

Thanks for submitting!

  • Instagram
  • Facebook
  • Twitter
© 2023 By ImJhaChandan

Subscribe to Our Newsletter

Thanks for submitting!

  • Facebook
  • Instagram
  • Twitter

© 2020-2023 By ImJhaChandan

bottom of page