Privilege Escalation in IBM InfoSphere Replication Server and IBM DB2 - CVE-2016-5995

 


Published: September 19, 2016


Vulnerability identifier: #VU530
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-5995
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM InfoSphere Replication Server
IBM DB2

Detailed vulnerability description

The vulnerability allows a local user to gain root privileges on the target system.
The weakness exists due to an access control error (CWE-284). By creating a specially crafted library, a local malicious user can induce the application to load it and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability allows a local user to gain root privileges on the vulnerable system.

How to mitigate CVE-2016-5995

Update to version 10.5 Fix Pack 8 (FP8).

Sources