IBM DB2 Local Privilege Escalation Vulnerability (CVE-2014-0907)

Release date:
Updated on:

Affected Systems:
IBM DB2 Connect 9.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67617
CVE (CAN) ID: CVE-2014-0907
 
IBM DB2 is a large commercial relational database system. DB2 Connect connects PCs and mobile devices to the organization's mainframe.
 
Multiple IBM DB2 products have the local privilege escalation vulnerability, which allows attackers to obtain root privileges. The affected products are as follows:
IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Connect Application Server Edition
IBM DB2 Connect Application Server Advanced Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System I
IBM DB2 Connect Unlimited Edition for System z
IBM DB2 Connect Unlimited Advanced Edition for System z
IBM DB2 pureScale Feature 10.1
IBM DB2 Advanced Enterprise Server Edition 10.5
IBM DB2 Advanced Workgroup Server Edition 10.5
IBM DB2 Developer Edition for Linux, Unix and Windows 10.5
 
<* Source: Tim Brown
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://www.ibm.com/support/fixcentral/

This article permanently updates the link address: