ID CVE-2014-0907
Summary Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library. Per http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 29-08-2017 - 01:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
aixapar
  • IT00627
  • IT00684
  • IT00685
  • IT00686
  • IT00687
bid 67617
confirm
fulldisc 20140603 CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2
misc
sectrack
  • 1030670
  • 1030671
secunia
  • 59451
  • 59463
  • 60482
xf ibm-cve20140907-priv-escalation(91869)
Last major update 29-08-2017 - 01:34
Published 30-05-2014 - 23:55
Last modified 29-08-2017 - 01:34
Back to Top