PT-2019-16895 · Ibm · Ibm Db2

Rich Mirch · Published 2019-03-19 · Updated 2023-01-30 · CVE-2019-4094

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1

Description: The binaries load shared libraries from an untrusted path, which allows low-privilege users to potentially gain root access by loading a malicious shared library.

Recommendations: For versions 9.7, 10.1, 10.5, and 11.1, consider restricting access to shared libraries to prevent loading from untrusted paths until a fix is available. As a temporary workaround, restrict the ability of low-privilege users to load shared libraries. Avoid using shared libraries from untrusted sources in the affected IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions.

Fix

Weakness Enumeration: Uncontrolled Search Path Element

Related Identifiers: CVE-2019-4094

Affected Products: Ibm Db2