VYPR
High severity7.8NVD Advisory· Published Aug 26, 2019· Updated Jun 17, 2026

CVE-2019-4447

CVE-2019-4447

Description

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • IBM/DB2 High Performance Unloadllm-fuzzy2 versions
    6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2+ 1 more
    • (no CPE)range: 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2
    • (no CPE)range: 6.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.