Computer Security
[EN] securityvulns.ru no-pyccku


IBM DB2 privilege escalation
Published:14.06.2014
Source:
SecurityVulns ID:13832
Type:local
Threat Level:
5/10
Description:Insecure dynamic libraries loading.
CVE:CVE-2014-0907 (Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.)
Original documentdocumentadvisories_(at)_portcullis-security.com, CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 (14.06.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod