CVE-2014-0907
First published: Fri May 30 2014(Updated: )
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Db2 | =9.5 | |
| IBM Db2 | =9.7 | |
| IBM Db2 | =9.7.0.1 | |
| IBM Db2 | =9.7.0.2 | |
| IBM Db2 | =9.7.0.3 | |
| IBM Db2 | =9.7.0.4 | |
| IBM Db2 | =9.7.0.5 | |
| IBM Db2 | =9.7.0.6 | |
| IBM Db2 | =9.7.0.7 | |
| IBM Db2 | =9.7.0.8 | |
| IBM Db2 | =9.7.0.9 | |
| IBM Db2 | =10.1 | |
| IBM Db2 | =10.1.0.1 | |
| IBM Db2 | =10.1.0.2 | |
| IBM Db2 | =10.1.0.3 | |
| IBM Db2 | =10.5 | |
| IBM Db2 | =10.5.0.1 | |
| IBM Db2 | =10.5.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Jun/7
- http://secunia.com/advisories/59451
- http://secunia.com/advisories/59463
- http://secunia.com/advisories/60482
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
- http://www-01.ibm.com/support/docview.wss?uid=swg21680454
- http://www-304.ibm.com/support/docview.wss?uid=swg21676135
- http://www.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www.ibm.com/support/docview.wss?uid=swg21610582#4
- http://www.ibm.com/support/docview.wss?uid=swg21672100
- http://www.securityfocus.com/bid/67617
- http://www.securitytracker.com/id/1030670
- http://www.securitytracker.com/id/1030671
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
Frequently Asked Questions
What is the severity of CVE-2014-0907?
The severity of CVE-2014-0907 is considered high due to the potential to gain root privileges on affected systems.
How do I fix CVE-2014-0907?
To fix CVE-2014-0907, you should update your IBM DB2 to the latest version that includes the security patches addressing these vulnerabilities.
Which versions of IBM DB2 are affected by CVE-2014-0907?
CVE-2014-0907 affects IBM DB2 versions 9.5, 9.7 prior to FP9a, 9.8, 10.1 prior to FP3a, and 10.5 prior to FP3a.
Can local users exploit CVE-2014-0907?
Yes, local users can exploit CVE-2014-0907 to gain unauthorized root privileges on systems running affected versions of IBM DB2.
What types of vulnerabilities are present in CVE-2014-0907?
CVE-2014-0907 contains multiple untrusted search path vulnerabilities in setuid and setgid programs.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm db2
- version/ibm db2/9.5
- version/ibm db2/9.7
- version/ibm db2/9.7.0.1
- version/ibm db2/9.7.0.2
- version/ibm db2/9.7.0.3
- version/ibm db2/9.7.0.4
- version/ibm db2/9.7.0.5
- version/ibm db2/9.7.0.6
- version/ibm db2/9.7.0.7
- version/ibm db2/9.7.0.8
- version/ibm db2/9.7.0.9
- version/ibm db2/10.1
- version/ibm db2/10.1.0.1
- version/ibm db2/10.1.0.2
- version/ibm db2/10.1.0.3
- version/ibm db2/10.5
- version/ibm db2/10.5.0.1
- version/ibm db2/10.5.0.2