CVE-2014-0907
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/05/2014
Last modified:
12/04/2025
Description
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Jun/7
- http://secunia.com/advisories/59451
- http://secunia.com/advisories/59463
- http://secunia.com/advisories/60482
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
- http://www-01.ibm.com/support/docview.wss?uid=swg21680454
- http://www-304.ibm.com/support/docview.wss?uid=swg21676135
- http://www.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www.ibm.com/support/docview.wss?uid=swg21610582#4
- http://www.ibm.com/support/docview.wss?uid=swg21672100
- http://www.securityfocus.com/bid/67617
- http://www.securitytracker.com/id/1030670
- http://www.securitytracker.com/id/1030671
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
- http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Jun/7
- http://secunia.com/advisories/59451
- http://secunia.com/advisories/59463
- http://secunia.com/advisories/60482
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
- http://www-01.ibm.com/support/docview.wss?uid=swg21680454
- http://www-304.ibm.com/support/docview.wss?uid=swg21676135
- http://www.ibm.com/support/docview.wss?uid=swg1IT00686
- http://www.ibm.com/support/docview.wss?uid=swg21610582#4
- http://www.ibm.com/support/docview.wss?uid=swg21672100
- http://www.securityfocus.com/bid/67617
- http://www.securitytracker.com/id/1030670
- http://www.securitytracker.com/id/1030671
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/