CVE-2014-0907
6.4 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.5%
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
References
packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
seclists.org/fulldisclosure/2014/Jun/7
secunia.com/advisories/59451
secunia.com/advisories/59463
secunia.com/advisories/60482
www-01.ibm.com/support/docview.wss?uid=isg400001841
www-01.ibm.com/support/docview.wss?uid=isg400001843
www-01.ibm.com/support/docview.wss?uid=swg1IT00627
www-01.ibm.com/support/docview.wss?uid=swg1IT00684
www-01.ibm.com/support/docview.wss?uid=swg1IT00685
www-01.ibm.com/support/docview.wss?uid=swg1IT00686
www-01.ibm.com/support/docview.wss?uid=swg1IT00687
www-01.ibm.com/support/docview.wss?uid=swg21680454
www-304.ibm.com/support/docview.wss?uid=swg21676135
www.ibm.com/support/docview.wss?uid=swg1IT00686
www.ibm.com/support/docview.wss?uid=swg21610582#4
www.ibm.com/support/docview.wss?uid=swg21672100
www.securityfocus.com/bid/67617
www.securitytracker.com/id/1030670
www.securitytracker.com/id/1030671
exchange.xforce.ibmcloud.com/vulnerabilities/91869
www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
Related
6.4 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.5%