2 matches found
Security Bulletin: Privilege escalation in IBM® Db2® via loading libraries from untrusted path (CVE-2018-1487).
Summary Db2 loads shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. All instance owner executables that run with elevated privileges setuid are affected. Root setuid executables are not...
CVE-2018-1487
CVE-2018-1487 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) across multiple releases (9.7, 10.1, 10.5, 11.1). The root cause is loading shared libraries from an untrusted path, potentially allowing a local attacker to gain full access to the DB2 instance account by lo...