IBM Informix Dynamic Server FILETOCLOB() Function Overflow

2006-07-31T04:19:14
ID OSVDB:27683
Type osvdb
Reporter David Litchfield (david@ngssoftware.com)
Modified 2006-07-31T04:19:14

Description

Vulnerability Description

Informix Dynamic Server contains an unspecified flaw related to an overflow in the FILETOCLOB() function that may allow an attacker to execute arbitrary code. No further details have been provided.

Solution Description

Upgrade to version 9.40.xC7, 10.00.xC3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www-306.ibm.com/software/data/informix/ids/
Vendor Specific Advisory URL
Secunia Advisory ID: 21301
Related OSVDB ID: 27688
Related OSVDB ID: 27690
Related OSVDB ID: 27682
Related OSVDB ID: 27684
Related OSVDB ID: 27687
Related OSVDB ID: 27694
Related OSVDB ID: 27689
Related OSVDB ID: 27691
Related OSVDB ID: 27693
Related OSVDB ID: 27681
Related OSVDB ID: 27685
Related OSVDB ID: 27686
Related OSVDB ID: 27692
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0292.html
Keyword: #NISR02082006D
ISS X-Force ID: 28120
FrSIRT Advisory: ADV-2006-3077
CVE-2006-3857
Bugtraq ID: 19264