CVE-2014-0907
Last modified
CVE-2014-0907 is a vulnerability of currently unknown severity. Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.. EPSS estimates a 0.66% chance of exploitation in the next 30 days.
Description
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.5 |
| Ibm | Db2 | 9.7 |
| Ibm | Db2 | 9.7.0.1 |
| Ibm | Db2 | 9.7.0.2 |
| Ibm | Db2 | 9.7.0.3 |
| Ibm | Db2 | 9.7.0.4 |
| Ibm | Db2 | 9.7.0.5 |
| Ibm | Db2 | 9.7.0.6 |
| Ibm | Db2 | 9.7.0.7 |
| Ibm | Db2 | 9.7.0.8 |
| Ibm | Db2 | 9.7.0.9 |
| Ibm | Db2 | 10.1 |
| Ibm | Db2 | 10.1.0.1 |
| Ibm | Db2 | 10.1.0.2 |
| Ibm | Db2 | 10.1.0.3 |
| Ibm | Db2 | 10.5 |
| Ibm | Db2 | 10.5.0.1 |
| Ibm | Db2 | 10.5.0.2 |
References
- http://www.ibm.com/support/docview.wss?uid=swg21610582#4Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21672100Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21610582#4Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21672100Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-0907?
How severe is CVE-2014-0907?
How do I fix CVE-2014-0907?
Are you affected by CVE-2014-0907?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST