CVE-2006-3857

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:informix_dynamic_database_server:9.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-08-08 22:04

Updated : 2024-02-04 16:52


NVD link : CVE-2006-3857

Mitre link : CVE-2006-3857

CVE.ORG link : CVE-2006-3857


JSON object : View

Products Affected

ibm

  • informix_dynamic_database_server