Vulnerability Details CVE-2014-0907
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.0%
CVSS Severity
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Jun/7
- http://secunia.com/advisories/59451
- http://secunia.com/advisories/59463
- http://secunia.com/advisories/60482
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
- http://www-01.ibm.com/support/docview.wss?uid=swg21680454
- http://www-304.ibm.com/support/docview.wss?uid=swg21676135
- http://www.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www.ibm.com/support/docview.wss?uid=swg21610582#4
- http://www.ibm.com/support/docview.wss?uid=swg21672100
- http://www.securityfocus.com/bid/67617
- http://www.securitytracker.com/id/1030670
- http://www.securitytracker.com/id/1030671
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
- http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Jun/7
- http://secunia.com/advisories/59451
- http://secunia.com/advisories/59463
- http://secunia.com/advisories/60482
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
- http://www-01.ibm.com/support/docview.wss?uid=swg21680454
- http://www-304.ibm.com/support/docview.wss?uid=swg21676135
- http://www.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www.ibm.com/support/docview.wss?uid=swg21610582#4
- http://www.ibm.com/support/docview.wss?uid=swg21672100
- http://www.securityfocus.com/bid/67617
- http://www.securitytracker.com/id/1030670
- http://www.securitytracker.com/id/1030671
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
Products affected by CVE-2014-0907
-
cpe:2.3:a:ibm:db2:10.1
-
cpe:2.3:a:ibm:db2:10.1.0.1
-
cpe:2.3:a:ibm:db2:10.1.0.2
-
cpe:2.3:a:ibm:db2:10.1.0.3
-
cpe:2.3:a:ibm:db2:10.5
-
cpe:2.3:a:ibm:db2:10.5.0.1
-
cpe:2.3:a:ibm:db2:10.5.0.2
-
cpe:2.3:a:ibm:db2:9.5
-
cpe:2.3:a:ibm:db2:9.7
-
cpe:2.3:a:ibm:db2:9.7.0.1
-
cpe:2.3:a:ibm:db2:9.7.0.2
-
cpe:2.3:a:ibm:db2:9.7.0.3
-
cpe:2.3:a:ibm:db2:9.7.0.4
-
cpe:2.3:a:ibm:db2:9.7.0.5
-
cpe:2.3:a:ibm:db2:9.7.0.6
-
cpe:2.3:a:ibm:db2:9.7.0.7
-
cpe:2.3:a:ibm:db2:9.7.0.8
-
cpe:2.3:a:ibm:db2:9.7.0.9