CVE-2014-0907

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a

Description The issue allows local users to gain root privileges via a Trojan horse library, exploiting multiple untrusted search path vulnerabilities in setuid and setgid programs.

Recommendations For IBM DB2 version 9.5, update to a version that includes the necessary security fixes. For IBM DB2 version 9.7, apply FP9a or a later fix pack to resolve the issue. For IBM DB2 version 9.8, upgrade to a newer version that includes the security patches. For IBM DB2 version 10.1, apply FP3a or a later fix pack to address the vulnerability. For IBM DB2 version 10.5, apply FP3a or a later fix pack to resolve the issue.