IBM Security Bulletin: Privilege escalation in IBM DB2 HPU debug binary via trusted PATH
IBM DB2 High Performance Unload loads shared libraries from an untrusted path, potentially allowing a low-privileged user to gain full root access by loading a malicious shared library.
CVE(s): CVE-2019-4447, CVE-2019-4448
Affected product(s) and affected version(s):
DB2 High Performance Unload load for LUW 6.1
DB2 High Performance Unload load for LUW 6.1.0.1
DB2 High Performance Unload load for LUW 6.1.0.1 IF1
DB2 High Performance Unload load for LUW 6.1.0.2
DB2 High Performance Unload load for LUW 6.1.0.2 IF1
DB2 High Performance Unload load for LUW 6.1.0.2 IF2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10964592
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163488
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163489
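The weakness described above, a privileged binary searching for shared libraries in a directory that a low-privileged user controls, can be audited for on a host. The following is an added example, not code from IBM or from the bulletin; the function name `audit_library_path`, its parameters and the sample directories are assumptions, and the search path to audit has to be taken from the binary or environment under review.

```python
import os
import stat
import tempfile


def audit_library_path(search_path, trusted_uids=(0,)):
    """Return (entry, reason) for each risky directory in a colon-separated
    library search path (LD_LIBRARY_PATH, RPATH or RUNPATH style)."""
    findings = []
    for entry in search_path.split(":"):
        if entry == "":
            # glibc's loader treats an empty LD_LIBRARY_PATH entry as the cwd.
            findings.append((entry, "empty entry resolves to the current directory"))
        elif entry.startswith(("$ORIGIN", "${ORIGIN}")):
            findings.append((entry, "expands at load time; audit the expanded directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative path depends on the working directory"))
        else:
            findings.extend(_audit_directory(entry, trusted_uids))
    return findings


def _audit_directory(entry, trusted_uids):
    # Only the directory itself is inspected; stat() follows symlinks,
    # so the link target is what gets judged.
    try:
        st = os.stat(entry)
    except FileNotFoundError:
        return [(entry, "directory does not exist")]
    if not stat.S_ISDIR(st.st_mode):
        return [(entry, "not a directory")]
    found = []
    if st.st_uid not in trusted_uids:
        found.append((entry, "owned by untrusted uid %d" % st.st_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        found.append((entry, "group- or world-writable"))
    return found


if __name__ == "__main__":
    # Constructed sample: one tight directory, one world-writable directory,
    # and an empty entry, joined the way a loader search path would be.
    base = tempfile.mkdtemp()
    tight, loose = os.path.join(base, "tight"), os.path.join(base, "loose")
    for path, mode in ((tight, 0o755), (loose, 0o777)):
        os.mkdir(path)
        os.chmod(path, mode)  # chmod so the umask does not alter the sample
    sample = ":".join([tight, loose, ""])
    for entry, reason in audit_library_path(sample, (0, os.getuid())):
        print("%r: %s" % (entry, reason))
```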
The post IBM Security Bulletin: Privilege escalation in IBM DB2 HPU debug binary via trusted PATH appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2L0D1SW