OSVDB ID: 29349

Title: IBM Informix Dynamic Server Installation Script Permission Weakness Local Privilege Escalation

Info

Disclosure

Oct 01, 2006

Discovery

Unknown

Dates

Exploit

Oct 01, 2006

Solution

Unknown

Description

Informix Dynamic Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the installation script creating temporary files insecurely. This flaw may lead to a loss of Confidentiality.

Classification

Location: Local Access Required
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

International Business Machines Corporation

Informix Dynamic Server

10.UC3RC1 Trial for Linux

References

CVE ID: 2006-5163 (see also: NVD)
Bugtraq ID: 20300
Secunia Advisory ID: 22223
ISS X-Force ID: 29300
Related OSVDB ID: 29348
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.html

Credit

Larry Cashdollar - lcashdolgmail.com - Personal Page

Direct URL: http://osvdb.org/29349