Lucene search

[email protected]CVE-2006-3857

HistoryAug 08, 2006 - 10:04 p.m.

CVE-2006-3857

2006-08-0822:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm

informix

dynamic server

buffer overflow

remote code execution

security vulnerability

cve-2006-3857

7.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.5%

JSON

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, © _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).

CPENameOperatorVersion
ibm:informix_dynamic_database_serveribm informix dynamic database servereq9.40.tc4
ibm:informix_dynamic_database_serveribm informix dynamic database servereq9.40.uc2
ibm:informix_dynamic_database_serveribm informix dynamic database servereq10.00.tc2
ibm:informix_dynamic_database_serveribm informix dynamic database servereq9.40.uc1
ibm:informix_dynamic_database_serveribm informix dynamic database servereq9.40.tc1
ibm:informix_dynamic_database_serveribm informix dynamic database servereq9.40.uc3
ibm:informix_dynamic_database_serveribm informix dynamic database servereq10.00.tc1
ibm:informix_dynamic_database_serveribm informix dynamic database servereq9.40.tc3
ibm:informix_dynamic_database_serveribm informix dynamic database servereq9.3
ibm:informix_dynamic_database_serveribm informix dynamic database servereq9.40.tc2

CPE	Name	Operator	Version
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	9.40.tc4
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	9.40.uc2
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	10.00.tc2
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	9.40.uc1
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	9.40.tc1
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	9.40.uc3
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	10.00.tc1
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	9.40.tc3
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	9.3
ibm:informix_dynamic_database_server	ibm informix dynamic database server	eq	9.40.tc2

Rows per page:

1-10 of 111

References

secunia.com/advisories/21301

www-1.ibm.com/support/docview.wss?uid=swg21242921

www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

www.osvdb.org/27681

www.osvdb.org/27682

www.osvdb.org/27683

www.osvdb.org/27687

www.osvdb.org/27688

www.osvdb.org/27693

www.securityfocus.com/archive/1/443133/100/0/threaded

www.securityfocus.com/archive/1/443210/100/0/threaded

www.securityfocus.com/bid/19264

www.vupen.com/english/advisories/2006/3077

exchange.xforce.ibmcloud.com/vulnerabilities/28118

exchange.xforce.ibmcloud.com/vulnerabilities/28119

exchange.xforce.ibmcloud.com/vulnerabilities/28120

exchange.xforce.ibmcloud.com/vulnerabilities/28126

exchange.xforce.ibmcloud.com/vulnerabilities/28127

exchange.xforce.ibmcloud.com/vulnerabilities/28157

7.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.5%

JSON

Related for CVE-2006-3857

securityvulns1 checkpoint_advisories1 nessus1