Lucene search
SAINT CorporationSAINT:EF9202827D4E5D5BCB5793AC5388D82CHistoryMay 09, 2008 - 12:00 a.m.
Informix Dynamic Server sqlexec password argument buffer overflow
2008-05-0900:00:00
SAINT Corporation
www.saintcorporation.com
10
0.924 High
EPSS
Percentile
98.7%
Added: 05/09/2008
CVE: CVE-2008-0727
BID: 28198
OSVDB: 42701
Background
Informix Dynamic Server is a database solution from IBM. The **oninit.exe** process listens for connections on port 1526/TCP.
Problem
The **oninit.exe** process does not sufficiently check the length of command-line arguments passed to the **sqlexec** program. This allows remote attackers to execute commands by specifying a long, specially crafted password argument.
Resolution
Apply one of the updates referenced in ZDI-08-012.
References
<http://www.zerodayinitiative.com/advisories/ZDI-08-012/>
Limitations
Exploit works on Informix Dynamic Server 10.00.TC3.
Platforms
Windows
Related
checkpoint_advisories
checkpoint_advisories
prion
prion
Buffer overflow
2008-03-18 00:44:00
cve
cve
CVE-2008-0727
2008-03-18 00:44:00
saint
saint
Informix Dynamic Server sqlexec password argument buffer overflow
2008-05-09 00:00:00
Informix Dynamic Server sqlexec password argument buffer overflow
2008-05-09 00:00:00
Informix Dynamic Server sqlexec password argument buffer overflow
2008-05-09 00:00:00
securityvulns
securityvulns
zdi
zdi
IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability
2008-03-13 00:00:00
seebug
seebug
IBM Informix Dynamic Server多个远程溢出漏洞
2008-03-17 00:00:00