IBM Informix Database INFORMIXDIR Environ Variable File Read

2004-01-28T06:39:30
ID OSVDB:3757
Type osvdb
Reporter OSVDB
Modified 2004-01-28T06:39:30

Description

Vulnerability Description

IBM Informix Dynamic Server and IBM Informix Extended Parallel Server contain a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the INFORMIXDIR environment variable is set to a directory containing malicious files. This flaw may lead to privilege escalation.

Technical Description

When INFORMIXDIR is set to a directory under the user's control and files are placed in that directory, library calls such as printf in the affected Informix programs can be abused. Vulnerable programs include onparams and ontape; exploitation can lead to privilege escalation to the informix user and to root.

Solution Description

Upgrade Informix Dynamic Server to fix pack release IDS 9.40.UC3, 9.30.UC7 or 7.31.UD7, or higher. Upgrade Informix Extended Parallel Server to fix pack release 8.40.UD1 or higher. An upgrade is required, as there are no known workarounds.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 10737
Related OSVDB ID: 3758
Related OSVDB ID: 3760
Related OSVDB ID: 3756
Related OSVDB ID: 3759
Bugtraq ID: 9511