Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
http://www.securityfocus.com/bid/93012
http://www.securitytracker.com/id/1036837
http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921
http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010
http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011
Source: MITRE
Published: 2016-10-01
Updated: 2017-07-30
Type: CWE-264
Base Score: 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.4
Severity: MEDIUM
Base Score: 7.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.3
Severity: HIGH