Vulnerability Name:

CVE-2014-0907 (CCN-91869)

Assigned:2014-05-26
Published:2014-05-26
Updated:2017-08-29
Summary:Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
Per http://cwe.mitre.org/data/definitions/426.html

"CWE-426: Untrusted Search Path"
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2014-0907

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html

Source: FULLDISC
Type: UNKNOWN
20140603 CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2

Source: SECUNIA
Type: UNKNOWN
59451

Source: SECUNIA
Type: UNKNOWN
59463

Source: SECUNIA
Type: UNKNOWN
60482

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Source: AIXAPAR
Type: UNKNOWN
IT00627

Source: AIXAPAR
Type: UNKNOWN
IT00684

Source: AIXAPAR
Type: UNKNOWN
IT00685

Source: AIXAPAR
Type: UNKNOWN
IT00686

Source: AIXAPAR
Type: UNKNOWN
IT00687

Source: CCN
Type: IBM Security Bulletin 1670854
Vulnerabilities in IBM Tivoli Monitoring agents with potential for privilege escalation (CVE-2014-0907)

Source: CCN
Type: IBM Security Bulletin 1672100
Local escalation of privilege vulnerability in IBM® DB2® (CVE-2014-0907)

Source: CCN
Type: IBM Security Bulletin 1680454
TSM client SetUID elevation of privilege (CVE-2014-0907)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21680454

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21676135

Source: CCN
Type: IBM Security Bulletin 1020243
IBM PowerVC Local escalation of privilege vulnerability in IBM DB2 (CVE-2014-0907)

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg1IT00686

Source: CONFIRM
Type: Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21610582#4

Source: CCN
Type: IBM Security Bulletin 1671886
TSM for ACS AIX elevated privilege vulnerability (CVE-2014-0907)

Source: CCN
Type: IBM Security Bulletin 1671953
The IBM PureData System for Operational Analytics A1791 is affected by a local escalation of privilege vulnerability in IBM DB2 for Linux, Unix and Windows (CVE-2014-0907)

Source: CCN
Type: IBM Security Bulletin 1671958
The IBM Smart Analytics System 7700 and 7710 are affected by a local escalation of privilege vulnerability in IBM DB2 for Linux, Unix, and Windows (CVE-2014-0907)

Source: CONFIRM
Type: Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21672100

Source: CCN
Type: IBM Security Bulletin 1674204
The IBM Smart Analytics System 7600 is affected by a local escalation of privilege vulnerability in IBM DB2 for Linux, Unix and Windows (CVE-2014-0907)

Source: CCN
Type: IBM Security Bulletin 1676135
IBM Tivoli Composite Application Manager for Transactions is affected by a Local escalation of privilege vulnerability (CVE-2014-0907)

Source: CCN
Type: IBM Security Bulletin 1678196
Tivoli Workload Scheduler elevated privileges (SetGID and SetUID programs) (CVE-2014-0907)

Source: BID
Type: UNKNOWN
67617

Source: CCN
Type: BID-67617
Multiple IBM DB2 Products CVE-2014-0907 Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1030670

Source: SECTRACK
Type: UNKNOWN
1030671

Source: XF
Type: UNKNOWN
ibm-cve20140907-priv-escalation(91869)

Source: XF
Type: UNKNOWN
ibm-cve20140907-priv-escalation(91869)

Source: MISC
Type: UNKNOWN
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:db2:9.5:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:-:*:*
  • OR cpe:/a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ibm:db2:9.5:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_manager:5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:-:*:*
  • OR cpe:/a:ibm:db2:9.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_manager:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tivoli_workload_scheduler:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powervc:1.2.0.0:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:tivoli_workload_scheduler:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_workload_scheduler:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powervc:1.2.1.0:-:-:-:standard:*:*:*

  • * Denotes that component is vulnerable
    BACK
    ibm db2 9.5
    ibm db2 9.7
    ibm db2 9.7.0.1
    ibm db2 9.7.0.2
    ibm db2 9.7.0.3
    ibm db2 9.7.0.4
    ibm db2 9.7.0.5
    ibm db2 9.7.0.6
    ibm db2 9.7.0.7
    ibm db2 9.7.0.8
    ibm db2 9.7.0.9
    ibm db2 10.1
    ibm db2 10.1.0.1
    ibm db2 10.1.0.2
    ibm db2 10.1.0.3
    ibm db2 10.5
    ibm db2 10.5.0.1
    ibm db2 10.5.0.2
    ibm db2 9.5
    ibm db2 9.7
    ibm tivoli monitoring 6.2.1
    ibm tivoli monitoring 6.2.2
    ibm tivoli storage manager 5.4
    ibm tivoli storage manager 5.5
    ibm tivoli storage manager 6.1
    ibm tivoli storage manager 6.2
    ibm db2 10.1
    ibm db2 9.8
    ibm tivoli monitoring 6.2.3
    ibm tivoli storage manager 6.3
    ibm tivoli storage manager 6.4
    ibm tivoli monitoring 6.2.0
    ibm tivoli monitoring 6.3.0
    ibm db2 10.5
    ibm tivoli storage manager 7.1
    ibm tivoli workload scheduler 9.1
    ibm powervc 1.2.0.0
    ibm tivoli workload scheduler 8.6
    ibm tivoli workload scheduler 9.2
    ibm powervc 1.2.1.0 -