CVE-2016-5995

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.

CVSS v3 7.3 HIGH
CVSS v2.0 6.9 MEDIUM

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010	Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011	Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012	Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg21990061	Patch Vendor Advisory
http://www.securityfocus.com/bid/93012
http://www.securitytracker.com/id/1036837
http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010	Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011	Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012	Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg21990061	Patch Vendor Advisory
http://www.securityfocus.com/bid/93012
http://www.securitytracker.com/id/1036837

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:db2:9.7:::::::*
	cpe:2.3:a:ibm:db2:9.7::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7::::express:::
	cpe:2.3:a:ibm:db2:9.7::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.1:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.1::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.1::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.1::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.1::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.1::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.2:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.2::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.2::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.2::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.2::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.2::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.3:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.3::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.3::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.3::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.3::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.3::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.4:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.4::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.4::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.4::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.4::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.4::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.5:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.5::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.5::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.5::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.5::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.5::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.6:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.6::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.6::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.6::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.6::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.6::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.7:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.7::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.7::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.7::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.7::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.7::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.8:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.8::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.8::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.8::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.8::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.8::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.9:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.9::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.9::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.9::::enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.9::::express:::
	cpe:2.3:a:ibm:db2:9.7.0.9::::workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.10:::::::*
	cpe:2.3:a:ibm:db2:9.7.0.10::::advanced_enterprise:::
	cpe:2.3:a:ibm:db2:9.7.0.10::::advanced_workgroup:::
	cpe:2.3:a:ibm:db2:9.7.0.10::::enterprise:::
cpe:2.3:a:ibm:db2:9.7.0.10::::express:::
cpe:2.3:a:ibm:db2:9.7.0.10::::workgroup:::
cpe:2.3:a:ibm:db2:9.7.0.11:::::::*
cpe:2.3:a:ibm:db2:9.7.0.11::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:9.7.0.11::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:9.7.0.11::::enterprise:::
cpe:2.3:a:ibm:db2:9.7.0.11::::express:::
cpe:2.3:a:ibm:db2:9.7.0.11::::workgroup:::
cpe:2.3:a:ibm:db2:10.1:::::::*
cpe:2.3:a:ibm:db2:10.1::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.1::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.1::::enterprise:::
cpe:2.3:a:ibm:db2:10.1::::express:::
cpe:2.3:a:ibm:db2:10.1::::workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.1:::::::*
cpe:2.3:a:ibm:db2:10.1.0.1::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.1::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.1::::enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.1::::express:::
cpe:2.3:a:ibm:db2:10.1.0.1::::workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.2:::::::*
cpe:2.3:a:ibm:db2:10.1.0.2::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.2::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.2::::enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.2::::express:::
cpe:2.3:a:ibm:db2:10.1.0.2::::workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.3:::::::*
cpe:2.3:a:ibm:db2:10.1.0.3::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.3::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.3::::enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.3::::express:::
cpe:2.3:a:ibm:db2:10.1.0.3::::workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.4:::::::*
cpe:2.3:a:ibm:db2:10.1.0.4::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.4::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.4::::enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.4::::express:::
cpe:2.3:a:ibm:db2:10.1.0.4::::workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.5:::::::*
cpe:2.3:a:ibm:db2:10.1.0.5::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.5::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.1.0.5::::enterprise:::
cpe:2.3:a:ibm:db2:10.1.0.5::::express:::
cpe:2.3:a:ibm:db2:10.1.0.5::::workgroup:::
cpe:2.3:a:ibm:db2:10.5:::::::*
cpe:2.3:a:ibm:db2:10.5::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.5::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.5::::enterprise:::
cpe:2.3:a:ibm:db2:10.5::::express:::
cpe:2.3:a:ibm:db2:10.5::::workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.1:::::::*
cpe:2.3:a:ibm:db2:10.5.0.1::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.1::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.1::::enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.1::::express:::
cpe:2.3:a:ibm:db2:10.5.0.1::::workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.2:::::::*
cpe:2.3:a:ibm:db2:10.5.0.2::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.2::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.2::::enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.2::::express:::
cpe:2.3:a:ibm:db2:10.5.0.2::::workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.3:::::::*
cpe:2.3:a:ibm:db2:10.5.0.3::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.3::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.3::::enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.3::::express:::
cpe:2.3:a:ibm:db2:10.5.0.3::::workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.4:::::::*
cpe:2.3:a:ibm:db2:10.5.0.4::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.4::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.4::::enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.4::::express:::
cpe:2.3:a:ibm:db2:10.5.0.4::::workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.5:::::::*
cpe:2.3:a:ibm:db2:10.5.0.5::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.5::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.5::::enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.5::::express:::
cpe:2.3:a:ibm:db2:10.5.0.5::::workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.6:::::::*
cpe:2.3:a:ibm:db2:10.5.0.6::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.6::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.6::::enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.6::::express:::
cpe:2.3:a:ibm:db2:10.5.0.6::::workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.7:::::::*
cpe:2.3:a:ibm:db2:10.5.0.7::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.7::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:10.5.0.7::::enterprise:::
cpe:2.3:a:ibm:db2:10.5.0.7::::express:::
cpe:2.3:a:ibm:db2:10.5.0.7::::workgroup:::
cpe:2.3:a:ibm:db2:11.1.0.0:::::::*
cpe:2.3:a:ibm:db2:11.1.0.0::::advanced_enterprise:::
cpe:2.3:a:ibm:db2:11.1.0.0::::advanced_workgroup:::
cpe:2.3:a:ibm:db2:11.1.0.0::::enterprise:::
cpe:2.3:a:ibm:db2:11.1.0.0::::express:::
cpe:2.3:a:ibm:db2:11.1.0.0::::workgroup:::
cpe:2.3:a:ibm:db2_connect:9.7::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.1::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.1::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.1::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.2::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.2::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.2::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.3::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.3::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.3::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.4::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.4::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.4::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.5::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.5::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.5::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.6::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.6::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.6::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.7::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.7::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.7::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.8::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.8::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.8::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.9::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.9::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.9::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.10::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.10::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.10::::unlimited:::
cpe:2.3:a:ibm:db2_connect:9.7.0.11::::application_server:::
cpe:2.3:a:ibm:db2_connect:9.7.0.11::::enterprise:::
cpe:2.3:a:ibm:db2_connect:9.7.0.11::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.1::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.1::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.1::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.1.0.1::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.1.0.1::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.1.0.1::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.1.0.2::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.1.0.2::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.1.0.2::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.1.0.3::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.1.0.3::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.1.0.3::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.1.0.4::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.1.0.4::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.1.0.4::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.1.0.5::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.1.0.5::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.1.0.5::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.5::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.5::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.5::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.5.0.1::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.5.0.1::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.5.0.1::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.5.0.2::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.5.0.2::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.5.0.2::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.5.0.3::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.5.0.3::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.5.0.3::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.5.0.4::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.5.0.4::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.5.0.4::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.5.0.5::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.5.0.5::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.5.0.5::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.5.0.6::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.5.0.6::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.5.0.6::::unlimited:::
cpe:2.3:a:ibm:db2_connect:10.5.0.7::::application_server:::
cpe:2.3:a:ibm:db2_connect:10.5.0.7::::enterprise:::
cpe:2.3:a:ibm:db2_connect:10.5.0.7::::unlimited:::
cpe:2.3:a:ibm:db2_connect:11.1.0.0::::application_server:::
cpe:2.3:a:ibm:db2_connect:11.1.0.0::::enterprise:::
cpe:2.3:a:ibm:db2_connect:11.1.0.0::::unlimited:::

OR	cpe:2.3:o:hp:hp-ux::::::::
	cpe:2.3:o:ibm:aix::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

21 Nov 2024, 02:55

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921 - Vendor Advisory
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010 - Permissions Required~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010 - Permissions Required
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011 - Permissions Required~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011 - Permissions Required
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012 - Permissions Required~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012 - Permissions Required
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21990061 - Patch, Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21990061 - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/93012 -~~	() http://www.securityfocus.com/bid/93012 -
References	~~() http://www.securitytracker.com/id/1036837 -~~	() http://www.securitytracker.com/id/1036837 -

Information

Published : 2016-10-01 01:59

Updated : 2024-11-21 02:55

NVD link : CVE-2016-5995

Mitre link : CVE-2016-5995

CVE.ORG link : CVE-2016-5995

JSON object : View

Products Affected

ibm

db2_connect
aix
db2

hp-ux

linux

linux_kernel

CWE

CWE-264

Permissions, Privileges, and Access Controls

7.3 /10