Information
The CONNECT_PROC stored procedure runs as part of every connection to the database and allows customization of the application environment, such as setting special registers. It could, for example, set the CURRENT_PATH special register, which controls the search path for finding functions and procedures to execute. Only an authorized procedure should be used.
Rationale:
The CONNECT_PROC procedure could be used to modify the application environment within the connection, causing unexpected behavior.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To turn off the connect proc, perform the following commands:
Connect to the Db2 database
db2 => connect to <dbname>
Run the following command:
db2 => update database configuration using connect_proc NULL IMMEDIATE
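To confirm the setting before and after the change, the following added example (not part of the benchmark or of Nessus) parses the output of `db2 get db cfg for <dbname>` and reports whether CONNECT_PROC is unset or names an authorized procedure. It assumes the parameter appears on a line carrying the `(CONNECT_PROC)` label; the function names and the sample procedure name are hypothetical.

```shell
#!/bin/sh
# Added example: audit CONNECT_PROC from `db2 get db cfg for <dbname>` output.

# Print the CONNECT_PROC value found on stdin (empty when unset).
connect_proc_value() {
    awk '/\(CONNECT_PROC\)/ {
        v = substr($0, index($0, "=") + 1)   # text after the first "="
        gsub(/^[ \t]+|[ \t\r]+$/, "", v)     # trim surrounding whitespace
        print v
        exit
    }'
}

# check_connect_proc [AUTHORIZED_PROC]
# Reads configuration output on stdin. Returns:
#   0  CONNECT_PROC is unset, or equals AUTHORIZED_PROC (exact match)
#   1  CONNECT_PROC names some other procedure
#   2  no CONNECT_PROC line in the input (wrong or failed command)
check_connect_proc() {
    authorized=${1:-}
    cfg=$(cat)
    case $cfg in
        *"(CONNECT_PROC)"*) ;;
        *) echo "ERROR: no CONNECT_PROC line in input" >&2; return 2 ;;
    esac
    value=$(printf '%s\n' "$cfg" | connect_proc_value)
    if [ -z "$value" ]; then
        echo "PASS: CONNECT_PROC is not set"
        return 0
    fi
    if [ -n "$authorized" ] && [ "$value" = "$authorized" ]; then
        echo "PASS: CONNECT_PROC is the authorized procedure $value"
        return 0
    fi
    echo "FAIL: CONNECT_PROC is set to $value"
    return 1
}

# Constructed sample lines (APPSCHEMA.SETUP_ENV is a made-up procedure name).
SAMPLE_UNSET=' Connect procedure                        (CONNECT_PROC) = '
SAMPLE_SET=' Connect procedure                        (CONNECT_PROC) = APPSCHEMA.SETUP_ENV'

# Demo on the samples; on a server: db2 get db cfg for <dbname> | check_connect_proc
printf '%s\n' "$SAMPLE_UNSET" | check_connect_proc || true
printf '%s\n' "$SAMPLE_SET" | check_connect_proc || true
```

Returning 2 when the parameter line is missing keeps a failed or mistyped `db2` command from being read as a passing result.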