Description
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
References (9)
Core 9
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946
Various Sources x_refsource_confirm
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT
Various Sources x_refsource_confirm
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872
Patch x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3520
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37332
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21412902
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37759
Scores
EPSS
0.0179
EPSS Percentile
75.8%
Details
CWE
CWE-200
Status
published
Products (2)
ibm/db2
9.5 (7 CPE variants)
ibm/db2
9.7
Published
Dec 16, 2009
Tracked Since
Feb 18, 2026