IBM Security Bulletin: IBM® Db2® is affected by multiple privilege escalation vulnerabilities (CVE-2018-1799, CVE-2018-1780, CVE-2018-1781, CVE-2018-1834).

Nov 7, 2018 8:01 am EST

Categorized: High Severity

Db2 is vulnerable to privilege escalation through multiple symbolic link attacks, which could allow the Db2 instance owner or DAS owner to obtain root access.

CVE(s): CVE-2018-1799, CVE-2018-1780, CVE-2018-1781, CVE-2018-1834

Affected product(s) and affected version(s):

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 editions on all platforms except Windows are affected. Windows platforms are not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10733939
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149429
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148803
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148804
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150511



from IBM Product Security Incident Response Team https://ift.tt/2ARbW0T