CVE-2006-3857

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-3857
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/21301 Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21242921 Patch
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
http://www.osvdb.org/27681
http://www.osvdb.org/27682
http://www.osvdb.org/27683
http://www.osvdb.org/27687
http://www.osvdb.org/27688
http://www.osvdb.org/27693
http://www.securityfocus.com/archive/1/443133/100/0/threaded
http://www.securityfocus.com/archive/1/443210/100/0/threaded
http://www.securityfocus.com/bid/19264 Patch
http://www.vupen.com/english/advisories/2006/3077
https://exchange.xforce.ibmcloud.com/vulnerabilities/28118
https://exchange.xforce.ibmcloud.com/vulnerabilities/28119
https://exchange.xforce.ibmcloud.com/vulnerabilities/28120
https://exchange.xforce.ibmcloud.com/vulnerabilities/28126
https://exchange.xforce.ibmcloud.com/vulnerabilities/28127
https://exchange.xforce.ibmcloud.com/vulnerabilities/28157
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:informix_dynamic_database_server:9.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc2:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-08-08 22:04

Updated : 2024-02-04 16:52

NVD link : CVE-2006-3857

Mitre link : CVE-2006-3857

CVE.ORG link : CVE-2006-3857

JSON object : View

Products Affected

ibm

  • informix_dynamic_database_server
CWE
NVD-CWE-Other