===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2019.3210
Privilege escalation in IBM DB2 HPU debug binary via trusted PATH
22 August 2019

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM InfoSphere Optim High Performance Unload
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Windows
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-4448 CVE-2019-4447

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=ibm10964592

--------------------------BEGIN INCLUDED TEXT--------------------

Privilege escalation in IBM DB2 HPU debug binary via trusted PATH

Product: InfoSphere Optim High Performance Unload for DB2 for Linux, UNIX and Windows
Software version: 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, 6.1.0.1 IF2
Operating system(s): AIX, Linux, Windows
Reference #: 0964592

Security Bulletin

Summary

IBM DB2 High Performance Unload loads shared libraries from an untrusted path,
potentially giving a low-privilege user full access to root by loading a
malicious shared library.

Vulnerability Details

Relevant CVE Information:

CVEID: CVE-2019-4447
DESCRIPTION: IBM DB2 High Performance Unload loads shared libraries from an
untrusted path, potentially giving a low-privilege user full access to root by
loading a malicious shared library.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163488 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4448
DESCRIPTION: IBM DB2 High Performance Unload loads shared libraries from an
untrusted path, potentially giving a low-privilege user full access to root by
loading a malicious shared library.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163489 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

DB2 High Performance Unload load for LUW 6.1
DB2 High Performance Unload load for LUW 6.1.0.1
DB2 High Performance Unload load for LUW 6.1.0.1 IF1
DB2 High Performance Unload load for LUW 6.1.0.2
DB2 High Performance Unload load for LUW 6.1.0.2 IF1
DB2 High Performance Unload load for LUW 6.1.0.2 IF2

Remediation/Fixes

Product:               InfoSphere Optim High Performance Unload for DB2 for
                       Linux, UNIX and Windows
VRMF:                  had been fixed in V6.1.0.3
Remediation/First Fix: https://www.ibm.com/support/fixcentral/swg/selectFixesparent=ibm%7EInformation%20Management&product=ibm/Information+Management/Optim+High+Performance+Unload+for+DB2+Linux+UNIX+and+Windows&release=6.1.0.3&platform=All&function=all

Workarounds and Mitigations

N/A

Acknowledgement

The vulnerability was reported to IBM by Rich Mirch

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.