← Back

CVE-2019-4447

nvd nist
Published: Aug 26, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.

Affected (6)

Ibm
1 product
Db2 High Performance Unload Load
Configuration A
6 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Ibm
Db2 High Performance Unload Load
Version 6.1.0.1
Db2 High Performance Unload Load
Version 6.1.0.1 if1
Db2 High Performance Unload Load
Version 6.1.0.1 if2
Db2 High Performance Unload Load
Version 6.1.0.2
Db2 High Performance Unload Load
Version 6.1.0.2 if1
Db2 High Performance Unload Load
Version 6.1
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Microsoft
Windows
All versions

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (4)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.