CVE-2019-4448

Summary

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.

Affected Software

VendorProductVersion RangeStatus
IBMDB2 High Performance Unload load for LUW6.1affected
IBMDB2 High Performance Unload load for LUW6.1.0.1affected
IBMDB2 High Performance Unload load for LUW6.1.0.1IF1affected
IBMDB2 High Performance Unload load for LUW6.1.0.2affected
IBMDB2 High Performance Unload load for LUW6.1.0.2IF1affected
IBMDB2 High Performance Unload load for LUW6.1.0.1IF2affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References