Vulnerability Description
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.5 |
References
- http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Jun/7
- http://secunia.com/advisories/59451
- http://secunia.com/advisories/59463
- http://secunia.com/advisories/60482
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
- http://www-01.ibm.com/support/docview.wss?uid=swg21680454
- http://www-304.ibm.com/support/docview.wss?uid=swg21676135
- http://www.ibm.com/support/docview.wss?uid=swg1IT00686
FAQ
What is CVE-2014-0907?
CVE-2014-0907 is a vulnerability with a CVSS score of 7.2 (HIGH). Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow lo...
How severe is CVE-2014-0907?
CVE-2014-0907 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0907?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.