Lucene search

MitreCVELIST:CVE-2006-3857

HistoryAug 08, 2006 - 10:00 p.m.

CVE-2006-3857

2006-08-0822:00:00

mitre

www.cve.org

AI Score

7.3

Confidence

Low

EPSS

0.028

Percentile

90.7%

JSON

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, © _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).

References

secunia.com/advisories/21301

www-1.ibm.com/support/docview.wss?uid=swg21242921

www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

www.osvdb.org/27681

www.osvdb.org/27682

www.osvdb.org/27683

www.osvdb.org/27687

www.osvdb.org/27688

www.osvdb.org/27693

www.securityfocus.com/archive/1/443133/100/0/threaded

www.securityfocus.com/archive/1/443210/100/0/threaded

www.securityfocus.com/bid/19264

www.vupen.com/english/advisories/2006/3077

exchange.xforce.ibmcloud.com/vulnerabilities/28118

exchange.xforce.ibmcloud.com/vulnerabilities/28119

exchange.xforce.ibmcloud.com/vulnerabilities/28120

exchange.xforce.ibmcloud.com/vulnerabilities/28126

exchange.xforce.ibmcloud.com/vulnerabilities/28127

exchange.xforce.ibmcloud.com/vulnerabilities/28157