CVE-2006-3854

2006-08-1701:04:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.883

Percentile

98.7%

JSON

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853.

Affected configurations

Nvd

Node

ibminformix_dynamic_database_serverMatch9.40.tc7

ibminformix_dynamic_database_serverMatch9.40.tc8

ibminformix_dynamic_database_serverMatch10.00.tc4

ibminformix_dynamic_database_serverMatch10.00.tc5

VendorProductVersionCPE
ibminformix_dynamic_database_server9.40.tc7cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc7:*:*:*:*:*:*:*
ibminformix_dynamic_database_server9.40.tc8cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc8:*:*:*:*:*:*:*
ibminformix_dynamic_database_server10.00.tc4cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc4:*:*:*:*:*:*:*
ibminformix_dynamic_database_server10.00.tc5cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	informix_dynamic_database_server	9.40.tc7	cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc7:::::::*
ibm	informix_dynamic_database_server	9.40.tc8	cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc8:::::::*
ibm	informix_dynamic_database_server	10.00.tc4	cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc4:::::::*
ibm	informix_dynamic_database_server	10.00.tc5	cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc5:::::::*