CVE-2014-0907

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.

Múltiples vulnerabilidades de búsqueda de ruta no confiable en programas no especificados (1) setuid y (2) setgid en IBM DB2 9.5, 9.7 anterior a FP9a, 9.8, 10.1 anterior a FP3a y 10.5 anterior a FP3a en Linux y UNIX permiten a usuarios locales ganar privilegios root a través de una libraría caballo de troya.

*Credits: N/A

CVSS Scores

NISTv2 7.2

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-01-06 CVE Reserved
2014-05-30 CVE Published
2024-05-28 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (22)

URL	Tag	Source
http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html	X_refsource_misc
http://seclists.org/fulldisclosure/2014/Jun/7	Mailing List
http://secunia.com/advisories/59451	Third Party Advisory
http://secunia.com/advisories/59463	Third Party Advisory
http://secunia.com/advisories/60482	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=isg400001843	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21680454	X_refsource_confirm
http://www-304.ibm.com/support/docview.wss?uid=swg21676135	X_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg1IT00686	X_refsource_confirm
http://www.securityfocus.com/bid/67617	Vdb Entry
http://www.securitytracker.com/id/1030670	Vdb Entry
http://www.securitytracker.com/id/1030671	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/91869	Vdb Entry
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687	2017-08-29
http://www.ibm.com/support/docview.wss?uid=swg21610582#4	2017-08-29
http://www.ibm.com/support/docview.wss?uid=swg21672100	2017-08-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.5 Search vendor "Ibm" for product "Db2" and version "9.5"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7 Search vendor "Ibm" for product "Db2" and version "9.7"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.1 Search vendor "Ibm" for product "Db2" and version "9.7.0.1"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.2 Search vendor "Ibm" for product "Db2" and version "9.7.0.2"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.3 Search vendor "Ibm" for product "Db2" and version "9.7.0.3"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.4 Search vendor "Ibm" for product "Db2" and version "9.7.0.4"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.5 Search vendor "Ibm" for product "Db2" and version "9.7.0.5"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.6 Search vendor "Ibm" for product "Db2" and version "9.7.0.6"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.7 Search vendor "Ibm" for product "Db2" and version "9.7.0.7"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.8 Search vendor "Ibm" for product "Db2" and version "9.7.0.8"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				9.7.0.9 Search vendor "Ibm" for product "Db2" and version "9.7.0.9"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				10.1 Search vendor "Ibm" for product "Db2" and version "10.1"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				10.1.0.1 Search vendor "Ibm" for product "Db2" and version "10.1.0.1"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				10.1.0.2 Search vendor "Ibm" for product "Db2" and version "10.1.0.2"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				10.1.0.3 Search vendor "Ibm" for product "Db2" and version "10.1.0.3"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				10.5 Search vendor "Ibm" for product "Db2" and version "10.5"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				10.5.0.1 Search vendor "Ibm" for product "Db2" and version "10.5.0.1"		-		Affected
Ibm Search vendor "Ibm"		Db2 Search vendor "Ibm" for product "Db2"				10.5.0.2 Search vendor "Ibm" for product "Db2" and version "10.5.0.2"		-		Affected