Info

Disclosure

Jul 31, 2006

Discovery

Jan 10, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Informix Dynamic Server contains an unspecified flaw related to an overflow in the SQLIDEBUG environment variable that may allow an attacker to execute arbitrary code. No further details have been provided.

Classification

Location: Location Unknown
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 9.40.xC7, 10.00.xC3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

International Business Machines Corporation	Informix Dynamic Server	9.40.TC5
		10.00.TC1

References

Keyword: #NISR02082006G
Bugtraq ID: 19264
CVE ID: 2006-3862 (see also: NVD)
Secunia Advisory ID: 21301
Related OSVDB ID: 27681 27682 27683 27684 27685 27686 27687 27688 27689 27690 27691 27692 27693
ISS X-Force ID: 28158
VUPEN Advisory: adv-2006-3077
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0264.html
Vendor Specific Advisory URL: http://www-1.ibm.com/support/docview.wss?uid=swg21242921
Vendor URL: http://www-306.ibm.com/software/data/informix/ids/

Credit

David Litchfield - davidngssoftware.com - NGSSoftware

Direct URL: http://osvdb.org/27694

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

Informix Dynamic Server

References

Credit