Lucene search

[email protected]CVE-2006-3861

HistoryAug 08, 2006 - 10:04 p.m.

CVE-2006-3861

2006-08-0822:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm informix

ids

cve-2006-3861

database creation

security vulnerability

6.4 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.

CPENameOperatorVersion
ibm:informix_dynamic_serveribm informix dynamic servereq9.40.uc3
ibm:informix_dynamic_serveribm informix dynamic servereq9.40.uc2
ibm:informix_dynamic_serveribm informix dynamic servereq9.40.tc5
ibm:informix_dynamic_serveribm informix dynamic servereq9.40.xc5
ibm:informix_dynamic_serveribm informix dynamic servereq9.40.uc1
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc1
ibm:informix_dynamic_serveribm informix dynamic servereq10.0
ibm:informix_dynamic_serveribm informix dynamic servereq9.4
ibm:informix_dynamic_serveribm informix dynamic servereq7.31
ibm:informix_dynamic_serveribm informix dynamic servereq9.40.uc5

CPE	Name	Operator	Version
ibm:informix_dynamic_server	ibm informix dynamic server	eq	9.40.uc3
ibm:informix_dynamic_server	ibm informix dynamic server	eq	9.40.uc2
ibm:informix_dynamic_server	ibm informix dynamic server	eq	9.40.tc5
ibm:informix_dynamic_server	ibm informix dynamic server	eq	9.40.xc5
ibm:informix_dynamic_server	ibm informix dynamic server	eq	9.40.uc1
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc1
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0
ibm:informix_dynamic_server	ibm informix dynamic server	eq	9.4
ibm:informix_dynamic_server	ibm informix dynamic server	eq	7.31
ibm:informix_dynamic_server	ibm informix dynamic server	eq	9.40.uc5

References

secunia.com/advisories/21301

www-1.ibm.com/support/docview.wss?uid=swg21242921

www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

www.osvdb.org/27692

www.securityfocus.com/archive/1/443133/100/0/threaded

www.securityfocus.com/archive/1/443192/100/0/threaded

www.securityfocus.com/bid/19264

www.vupen.com/english/advisories/2006/3077

exchange.xforce.ibmcloud.com/vulnerabilities/28148

6.4 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2006-3861

securityvulns1 nessus1