CVE-2014-0907

EUVD-2014-0937
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
ibmdb2
9.5
ibmdb2
9.7
ibmdb2
9.7.0.1
ibmdb2
9.7.0.2
ibmdb2
9.7.0.3
ibmdb2
9.7.0.4
ibmdb2
9.7.0.5
ibmdb2
9.7.0.6
ibmdb2
9.7.0.7
ibmdb2
9.7.0.8
ibmdb2
9.7.0.9
ibmdb2
10.1
ibmdb2
10.1.0.1
ibmdb2
10.1.0.2
ibmdb2
10.1.0.3
ibmdb2
10.5
ibmdb2
10.5.0.1
ibmdb2
10.5.0.2
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Jun/7
http://secunia.com/advisories/59451
http://secunia.com/advisories/59463
http://secunia.com/advisories/60482
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
http://www-01.ibm.com/support/docview.wss?uid=swg21680454
http://www-304.ibm.com/support/docview.wss?uid=swg21676135
http://www.ibm.com/support/docview.wss?uid=swg1IT00686
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
http://www.ibm.com/support/docview.wss?uid=swg21672100
http://www.securityfocus.com/bid/67617
http://www.securitytracker.com/id/1030670
http://www.securitytracker.com/id/1030671
https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Jun/7
http://secunia.com/advisories/59451
http://secunia.com/advisories/59463
http://secunia.com/advisories/60482
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
http://www-01.ibm.com/support/docview.wss?uid=swg21680454
http://www-304.ibm.com/support/docview.wss?uid=swg21676135
http://www.ibm.com/support/docview.wss?uid=swg1IT00686
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
http://www.ibm.com/support/docview.wss?uid=swg21672100
http://www.securityfocus.com/bid/67617
http://www.securitytracker.com/id/1030670
http://www.securitytracker.com/id/1030671
https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/