PT-2016-6752 · Ibm · Ibm Db2
Published
2016-10-01
·
Updated
2017-07-30
·
CVE-2016-5995
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM DB2 versions 9.7 through 9.7 FP11
IBM DB2 versions 10.1 through 10.1 FP5
IBM DB2 versions 10.5 through 10.5 before FP8
IBM DB2 version 11.1 GA
Description
The issue allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program, due to an untrusted search path vulnerability.
Recommendations
For IBM DB2 versions 9.7 through 9.7 FP11, update to a version after FP11 to resolve the issue.
For IBM DB2 versions 10.1 through 10.1 FP5, update to a version after FP5 to resolve the issue.
For IBM DB2 versions 10.5 through 10.5 before FP8, update to FP8 or later to resolve the issue.
For IBM DB2 version 11.1 GA, consider restricting access to setuid or setgid programs until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2