CVE-2016-5995

7.3 HIGH

Published: October 01, 2016 Modified: May 06, 2026

Description

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921

Source: psirt@us.ibm.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010

Source: psirt@us.ibm.com

Permissions Required

http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011

Source: psirt@us.ibm.com

Permissions Required

http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012

Source: psirt@us.ibm.com

Permissions Required

http://www-01.ibm.com/support/docview.wss?uid=swg21990061

Source: psirt@us.ibm.com

Patch Vendor Advisory

http://www.securityfocus.com/bid/93012

Source: psirt@us.ibm.com

http://www.securitytracker.com/id/1036837

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921