CVE-2016-5995

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.7 through 9.7 FP11 IBM DB2 versions 10.1 through 10.1 FP5 IBM DB2 versions 10.5 through 10.5 before FP8 IBM DB2 version 11.1 GA

Description The issue allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program, due to an untrusted search path vulnerability.

Recommendations For IBM DB2 versions 9.7 through 9.7 FP11, update to a version after FP11 to resolve the issue. For IBM DB2 versions 10.1 through 10.1 FP5, update to a version after FP5 to resolve the issue. For IBM DB2 versions 10.5 through 10.5 before FP8, update to FP8 or later to resolve the issue. For IBM DB2 version 11.1 GA, consider restricting access to setuid or setgid programs until a patch is available.