CVE-2014-0907 Information

Description

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5 9.7 before FP9a 9.8 10.1 before FP3a and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.

Reference

http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html http://seclists.org/fulldisclosure/2014/Jun/7 http://secunia.com/advisories/59451 http://secunia.com/advisories/59463 http://secunia.com/advisories/60482 http://www.ibm.com/support/docview.wss?uid=swg1IT00686 http://www.ibm.com/support/docview.wss?uid=swg216105824 http://www.ibm.com/support/docview.wss?uid=swg21672100 http://www.securityfocus.com/bid/67617 http://www.securitytracker.com/id/1030670 http://www.securitytracker.com/id/1030671 http://www-01.ibm.com/support/docview.wss?uid=isg400001841 http://www-01.ibm.com/support/docview.wss?uid=isg400001843 http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627 http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684 http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685 http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686 http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687 http://www-01.ibm.com/support/docview.wss?uid=swg21680454 http://www-304.ibm.com/support/docview.wss?uid=swg21676135 https://exchange.xforce.ibmcloud.com/vulnerabilities/91869 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/