-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3210
     Privilege escalation in IBM DB2 HPU debug binary via trusted PATH
                              22 August 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM InfoSphere Optim High Performance Unload
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Windows
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-4448 CVE-2019-4447 

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10964592

- --------------------------BEGIN INCLUDED TEXT--------------------

Privilege escalation in IBM DB2 HPU debug binary via trusted PATH

Product:             InfoSphere Optim High Performance Unload for DB2 for
                     Linux, UNIX and Windows
Software version:    6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, 6.1.0.1 IF2
Operating system(s): AIX, Linux, Windows
Reference #:         0964592

Security Bulletin

Summary

IBM DB2 High Performance Unload loads shared libraries from an untrusted path.
A low-privileged local user who can place a malicious shared library in that
path can have it loaded and executed with root privileges, giving full root
access.

Vulnerability Details

Relevant CVE Information:
CVEID: CVE-2019-4447
DESCRIPTION: IBM DB2 High Performance Unload loads shared libraries from an
untrusted path, potentially giving a low-privileged user full root access by
loading a malicious shared library.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
163488 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4448
DESCRIPTION: IBM DB2 High Performance Unload loads shared libraries from an
untrusted path, potentially giving a low-privileged user full root access by
loading a malicious shared library.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
163489 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

DB2 High Performance Unload for LUW 6.1

DB2 High Performance Unload for LUW 6.1.0.1

DB2 High Performance Unload for LUW 6.1.0.1 IF1

DB2 High Performance Unload for LUW 6.1.0.2

DB2 High Performance Unload for LUW 6.1.0.2 IF1

DB2 High Performance Unload for LUW 6.1.0.2 IF2

Remediation/Fixes

+-------------+------------------+--------------------------------------------+
|Product      |VRMF              |Remediation/First Fix                       |
+-------------+------------------+--------------------------------------------+
|InfoSphere   |6.1 through       |Fixed in V6.1.0.3. Download the 6.1.0.3     |
|Optim High   |6.1.0.2 IF2       |release from IBM Fix Central (link below).  |
|Performance  |                  |                                            |
|Unload for   |                  |                                            |
|DB2 for      |                  |                                            |
|Linux, UNIX  |                  |                                            |
|and Windows  |                  |                                            |
+-------------+------------------+--------------------------------------------+

Fix Central download page for V6.1.0.3:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Optim+High+Performance+Unload+for+DB2+Linux+UNIX+and+Windows&release=6.1.0.3&platform=All&function=all

Workarounds and Mitigations

N/A
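The bulletin gives no workaround and no detail beyond "loads shared libraries
from an untrusted path", so until the V6.1.0.3 fix is applied the practical
question for an administrator is: which privileged binaries on this host have
a library search path that an unprivileged user could influence? The script
below is an added audit example for that general class of weakness (a
setuid/setgid ELF binary whose DT_RPATH or DT_RUNPATH names a directory that
is empty, relative, $ORIGIN-based, missing, or world-writable). It is not
IBM's code and it does not model the HPU binary itself; the function names,
the output format and the Linux/GNU readelf(1) dependency are all assumptions
of this example. Whether a dynamic loader actually honours a given entry for a
setuid program is loader-specific, so treat a flagged entry as something to
verify by hand, not as proof of exploitability.

```shell
#!/bin/sh
# Added audit example (hypothetical; not IBM's code). Finds setuid/setgid ELF
# binaries under a directory and flags DT_RPATH/DT_RUNPATH entries that an
# unprivileged user could influence. Linux-only: relies on readelf(1) from
# GNU binutils. On AIX, "dump -H" shows a binary's library search path.

# Classify one library search-path entry. Prints exactly one word:
#   empty    - "" (an empty entry is taken to mean the current directory)
#   relative - not absolute, so resolved against the caller's CWD
#   origin   - contains $ORIGIN, resolved against the binary's own location;
#              review whether that directory and its parents are root-owned
#   missing  - absolute path that does not exist; anyone who can write the
#              parent directory can create it
#   writable - absolute path that exists and is world-writable (o+w)
#   ok       - absolute, exists, not world-writable
classify_libdir() {
    dir=$1
    case "$dir" in
        "")                         echo empty;    return 0 ;;
        *'$ORIGIN'*|*'${ORIGIN}'*)  echo origin;   return 0 ;;
        /*)                         ;;
        *)                          echo relative; return 0 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo missing
        return 0
    fi
    # -prune stops find descending; -perm -0002 tests the other-write bit of
    # the directory itself. Permission bits rather than "test -w", so the
    # answer is the same whether the audit runs as root or as a normal user.
    if [ -n "$(find "$dir" -prune -perm -0002 -print 2>/dev/null)" ]; then
        echo writable
    else
        echo ok
    fi
}

# Split a colon-separated search list into one entry per line. awk keeps
# empty fields, so "/a::/b" and "/a:" both produce an empty entry.
split_search_list() {
    printf '%s\n' "$1" | awk -F: '{ for (i = 1; i <= NF; i++) print $i }'
}

# Print the RPATH/RUNPATH lists of one ELF file as "TAG<TAB>LIST" lines,
# e.g. "RUNPATH<TAB>/opt/app/lib:$ORIGIN/../lib". Prints nothing for
# binaries that carry neither tag or that readelf cannot parse.
dynamic_search_paths() {
    readelf -d "$1" 2>/dev/null |
    awk '/\((RPATH|RUNPATH)\)/ {
            tag = $2; gsub(/[()]/, "", tag)
            if (match($0, /\[.*\]/))
                printf "%s\t%s\n", tag, substr($0, RSTART + 1, RLENGTH - 2)
         }'
}

# Audit one binary: print '<binary> <tag> <class> "<entry>"' for every entry
# whose class is not "ok".
audit_binary() {
    bin=$1
    tab=$(printf '\t')
    dynamic_search_paths "$bin" |
    while IFS="$tab" read -r tag list; do
        split_search_list "$list" |
        while IFS= read -r entry; do
            class=$(classify_libdir "$entry")
            [ "$class" = ok ] || printf '%s %s %s "%s"\n' "$bin" "$tag" "$class" "$entry"
        done
    done
}

# Walk ROOT (default /usr) for setuid/setgid files and audit each one.
# Returns 1 if anything was flagged, 0 if the tree is clean.
scan_setxid() {
    root=${1:-/usr}
    out=$(find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
          while IFS= read -r bin; do audit_binary "$bin"; done)
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Usage: sh audit_setxid_rpath.sh /opt   (no argument: only define functions)
if [ "$#" -gt 0 ]; then
    scan_setxid "$1"
fi
```

Run it against the HPU installation directory and any directory its binaries
are copied to; a clean tree produces no output and exit status 0. Entries
classed "origin" are not automatically dangerous, but they need a manual check
of who owns the binary's directory and every directory above it.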

Acknowledgement

The vulnerability was reported to IBM by Rich Mirch

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----