322 matches found
IBM Informix IDS 'librpc.dll'伪造漏洞
IBM Informix Dynamic Server是一款数据库服务程序。 默认监听UDP 111端口的librpc.dll组件存在缺陷,当处理pmapset请求时,进程会校验源地址是否为"127.0.0.1"。此通信通过UDP,无需合法源地址。创建源地址为"127.0.0.1"的UDP报文给此服务,允许远程攻击者注册或注销RPC服务,远程攻击者可以利用此漏洞进行拒绝服务条件或窃听进程通信。 Bugtraq ID: 47875 CVE ID:CVE-2011-1210 IBM Informix IDS 11.70 IBM Informix IDS 11.50.xC8 IBM...
Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability
This vulnerability allows remote attackers to register RPC services on vulnerable installations of EMC Legato Networker and IBM Informix Dynamic Server. Authentication is not required to exploit this vulnerability. The flaw exists within the librpc.dll component which listens by default on UDP po...
CVE-2011-1210: IBM Informix Dynamic Server librpc.dll information disclosure
The vulnerability CVE-2011-1210 affects IBM Informix Dynamic Server (librpc.dll) and EMC Legato Networker. It exists in the UDP-based RPC portmapper on UDP/111, where librpc.dll processes pmap_set requests by validating the source address (127.0.0.1). Because UDP allows spoofed addresses, a remot...
IBM Informix Dynamic Server SET ENVIRONMENT Stack Buffer Overflow (CVE-2011-1033)
IBM Informix Dynamic Server is an online transaction processing data server. IBM Informix Dynamic Server functionalities include an implementation of SQL including SQL statements, data types, and system catalog tables that provide information regarding database structures. A stack-based buffer...
Update Protection against Multiple Vendors librpc.dll Stack Buffer Overflow
A buffer overflow vulnerability exists in IBM's Informix Dynamic Server and EMC's Legato Networker. The vulnerability is due to insufficient validation of user input during authentication by the RPC protocol parsing library, librpc.dll, used by the Portmapper service portmap.exe. Successful...
ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-050 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for...
CVE-2011-1033
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server IDS 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement...
IBM Informix Dynamic Server oninit.exe EXPLAIN Stack Buffer Overflow (CVE-2010-4053)
Informix is a family of relational database management system RDBMS products by IBM. IBM Informix Dynamic Server is an online transaction processing data server. A stack buffer overflow exists in IBM Informix Dynamic Server Database. The vulnerability is caused by insufficient checks within a...
IBM Informix Dynamic Server DBINFO Stack Buffer Overflow (CVE-2010-4069)
Informix is a family of relational database management system RDBMS products by IBM. IBM Informix Dynamic Server is an online transaction processing data server. A stack buffer overflow exists in IBM Informix Dynamic Server Database. The vulnerability is caused by an insufficient bounds checking ...
IBM Informix Dynamic Server DBINFO关键字远程栈溢出漏洞
BUGTRAQ ID: 44190 IBM Informix Dynamic Server为企业提供运行业务所需的任务关键型数据基础设施。 Informix Dynamic Server没有正确地处理用户在SQL查询中提交给DBINFO关键词的参数,远程攻击者可以通过提交恶意查询请求触发栈溢出,导致以数据库服务器的权限执行任意代码。 IBM Informix Dynamic Server 11.50.xC3 IBM Informix Dynamic Server 11.10.xC3 IBM Informix Dynamic Server 10.00.xC10 厂商补丁: IBM ---...
CVE-2010-4070
Integer overflow in librpc.dll in portmap.exe aka the ISM Portmapper service in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server IDS 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a...
CVE-2010-4069
Stack-based buffer overflow in IBM Informix Dynamic Server IDS 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka...
Integer overflow
Integer overflow in librpc.dll in portmap.exe aka the ISM Portmapper service in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server IDS 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a...
Stack overflow
Stack-based buffer overflow in IBM Informix Dynamic Server IDS 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka...
CVE-2010-4069
Stack-based buffer overflow in IBM Informix Dynamic Server IDS 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka...
CVE-2010-4070
Integer overflow in librpc.dll in portmap.exe aka the ISM Portmapper service in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server IDS 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a...
CVE-2010-4069
CVE-2010-4069 affects IBM Informix Dynamic Server (IDS) with a stack-based buffer overflow in the DBINFO handling inside SQL statements. Affects IDS 7.x–7.31, 9.x–9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3. An attacker with remote authenticated access could ...
CVE-2010-4070
The CVE-2010-4070 issue is an Integer overflow in librpc.dll (portmap.exe) used by the ISM Portmapper service in IBM Informix Dynamic Server (IDS). The overflow occurs via a crafted parameter size and can lead to remote code execution or a denial of service (heap memory corruption). Affected IDS ...
CVE-2010-4053
Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server IDS 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243...
CVE-2010-4053
Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server IDS 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243...