Lucene search

[email protected]CVE-2006-5664

HistoryNov 03, 2006 - 1:07 a.m.

CVE-2006-5664

2006-11-0301:07:00

[email protected]

web.nvd.nist.gov

ibm

informix

dynamic server

csdk

symlink attack

cve-2006-5664

security compromise

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to “compromise security” via a symlink attack on temporary files.

Affected configurations

NVD

Node

ibminformix_client_sdkMatch2.90

ibminformix_dynamic_serverMatch10.00

ibminformix_i-connectMatch2.90

CPENameOperatorVersion
ibm:informix_client_sdkibm informix client sdkeq2.90
ibm:informix_dynamic_serveribm informix dynamic servereq10.00
ibm:informix_i-connectibm informix i-connecteq2.90

CPE	Name	Operator	Version
ibm:informix_client_sdk	ibm informix client sdk	eq	2.90
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.00
ibm:informix_i-connect	ibm informix i-connect	eq	2.90

References

secunia.com/advisories/22609

securitytracker.com/id?1017156

www-1.ibm.com/support/docview.wss?uid=swg21247438

www.vupen.com/english/advisories/2006/4280

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-5664

nvd1 cvelist1