IBM Informix Database onshowaudit Symlink Arbitrary File Access

2004-01-18T06:39:30
ID OSVDB:3758
Type osvdb
Reporter OSVDB
Modified 2004-01-18T06:39:30

Description

Vulnerability Description

Informix contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when temporary files are created insecurely, which will disclose file information resulting in a loss of confidentiality.

Solution Description

Upgrade to Dynamic Server version 9.40.UC3 or Extended Parallel Server version 8.40.UD1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Informix contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when temporary files are created insecurely, which will disclose file information resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL Secunia Advisory ID:10737 Related OSVDB ID: 3757 Related OSVDB ID: 3760 Related OSVDB ID: 3756 Related OSVDB ID: 3759 Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0023.html ISS X-Force ID: 14969 CVE-2004-2319 Bugtraq ID: 9512 Bugtraq ID: 9511