COMMAND
DB2
SYSTEMS AFFECTED
IBM DB2 for Windows NT (v6.1), IBM DB2 for Linux (v6.1)
PROBLEM
Ben Jurry found the following. The DB2 Universal Database builds
upon the stability and performance of DB2 on the mainframe and
provides the features required in a distributed database product.
DB2 Universal Database (UDB) is IBM's relational database server
solution for the UNIX, OS/2 and Windows NT/2000 operating
environments. More than 70% of the world's major companies
rely on DB2 to manage their mission-critical business
applications.
During the installation of IBM DB2 V6.1 the admin user is not
prompted to change the default passwords, leaving the possibility
for a user to gain access to the database and even the system.
Under Windows NT/Windows 2000, the account is named db2admin and
the default password is db2admin. Under Linux the accounts are
named db2inst1, db2as and db2fenc1, and the default password is
ibmdb2.
Successful exploitation of this vulnerability could enable a user
to access the data and the system.
SOLUTION
Change the default account and password. I believe this is what
the manual says as well.
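To find hosts where the SOLUTION still has to be applied, the following added example (not part of the original advisory or of IBM's tooling) reports the state of the three Linux accounts named above. The function name, status labels and sample files are constructed for illustration; it does not test the password itself, so an ACTIVE account is one whose password must be confirmed as changed.

```shell
#!/bin/sh
# Audit the DB2 V6.1 default Linux accounts named in the advisory.
# Prints one line per account: absent | locked | REVIEW | ACTIVE.
DB2_DEFAULT_ACCOUNTS="db2inst1 db2as db2fenc1"

audit_db2_defaults() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}   # reading the live file needs root
    for acct in $DB2_DEFAULT_ACCOUNTS; do
        pw_line=$(grep "^$acct:" "$passwd_file" || true)
        if [ -z "$pw_line" ]; then
            echo "$acct absent"
            continue
        fi
        sh_line=$(grep "^$acct:" "$shadow_file" || true)
        hash=$(printf '%s\n' "$sh_line" | cut -d: -f2)      # password field
        changed=$(printf '%s\n' "$sh_line" | cut -d: -f3)   # days since 1970-01-01
        shell=$(printf '%s\n' "$pw_line" | cut -d: -f7)     # login shell
        case "$hash" in
            '!'*|'*'*) echo "$acct locked" ;;
            '')        echo "$acct REVIEW no-shadow-hash" ;;
            *)         echo "$acct ACTIVE last-change-day=${changed:-unknown} shell=$shell" ;;
        esac
    done
}

# Constructed sample files (not real hashes) so the audit runs offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
db2inst1:x:501:101::/home/db2inst1:/bin/bash
db2as:x:502:102::/home/db2as:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$notarealhash:19000:0:99999:7:::
db2inst1:$1$constructed$notarealhash:11000:0:99999:7:::
db2as:!$1$constructed$notarealhash:11000:0:99999:7:::
EOF
audit_db2_defaults "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```

Calling audit_db2_defaults with no arguments as root reads the live /etc/passwd and /etc/shadow. A last-change-day that matches the day DB2 was installed suggests the password was never changed.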