CVE-2014-0907

Sažetak

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.

Reference

http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Jun/7
http://secunia.com/advisories/59451
http://secunia.com/advisories/59463
http://secunia.com/advisories/60482
http://www.ibm.com/support/docview.wss?uid=swg1IT00686
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
http://www.ibm.com/support/docview.wss?uid=swg21672100
http://www.securityfocus.com/bid/67617
http://www.securitytracker.com/id/1030670
http://www.securitytracker.com/id/1030671
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
http://www-01.ibm.com/support/docview.wss?uid=swg21680454
http://www-304.ibm.com/support/docview.wss?uid=swg21676135
https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-08-2017 - 01:34

Objavljeno

30-05-2014 - 23:55