CVE-2019-4447

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/I:H/AC:L/A:H/PR:N/UI:N/S:U/AV:L/C:H/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
ibmdb2_high_performance_unload_load
6.1
ibmdb2_high_performance_unload_load
6.1.0.1
ibmdb2_high_performance_unload_load
6.1.0.1:if1
ibmdb2_high_performance_unload_load
6.1.0.1:if2
ibmdb2_high_performance_unload_load
6.1.0.2
ibmdb2_high_performance_unload_load
6.1.0.2:if1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=ibm10964592
https://exchange.xforce.ibmcloud.com/vulnerabilities/163488
http://www.ibm.com/support/docview.wss?uid=ibm10964592
https://exchange.xforce.ibmcloud.com/vulnerabilities/163488