CVE-2014-0907
First published: Fri May 30 2014(Updated: )
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Db2 | =9.5 | |
| Ibm Db2 | =9.7 | |
| Ibm Db2 | =9.7.0.1 | |
| Ibm Db2 | =9.7.0.2 | |
| Ibm Db2 | =9.7.0.3 | |
| Ibm Db2 | =9.7.0.4 | |
| Ibm Db2 | =9.7.0.5 | |
| Ibm Db2 | =9.7.0.6 | |
| Ibm Db2 | =9.7.0.7 | |
| Ibm Db2 | =9.7.0.8 | |
| Ibm Db2 | =9.7.0.9 | |
| Ibm Db2 | =10.1 | |
| Ibm Db2 | =10.1.0.1 | |
| Ibm Db2 | =10.1.0.2 | |
| Ibm Db2 | =10.1.0.3 | |
| Ibm Db2 | =10.5 | |
| Ibm Db2 | =10.5.0.1 | |
| Ibm Db2 | =10.5.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Jun/7
- http://secunia.com/advisories/59451
- http://secunia.com/advisories/59463
- http://secunia.com/advisories/60482
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
- http://www-01.ibm.com/support/docview.wss?uid=swg21680454
- http://www-304.ibm.com/support/docview.wss?uid=swg21676135
- http://www.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www.ibm.com/support/docview.wss?uid=swg21610582#4
- http://www.ibm.com/support/docview.wss?uid=swg21672100
- http://www.securityfocus.com/bid/67617
- http://www.securitytracker.com/id/1030670
- http://www.securitytracker.com/id/1030671
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm db2
- version/ibm db2/9.5
- version/ibm db2/9.7
- version/ibm db2/9.7.0.1
- version/ibm db2/9.7.0.2
- version/ibm db2/9.7.0.3
- version/ibm db2/9.7.0.4
- version/ibm db2/9.7.0.5
- version/ibm db2/9.7.0.6
- version/ibm db2/9.7.0.7
- version/ibm db2/9.7.0.8
- version/ibm db2/9.7.0.9
- version/ibm db2/10.1
- version/ibm db2/10.1.0.1
- version/ibm db2/10.1.0.2
- version/ibm db2/10.1.0.3
- version/ibm db2/10.5
- version/ibm db2/10.5.0.1
- version/ibm db2/10.5.0.2