CVE-2010-4053

Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/41913	Vendor Advisory
http://www.osvdb.org/68705
http://www.vupen.com/english/advisories/2010/2734	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-216/
https://exchange.xforce.ibmcloud.com/vulnerabilities/62619

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:informix_dynamic_server:11.10:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:11.50:::::::*

History

No history.

Information

Published : 2010-10-23 20:39

Updated : 2024-02-04 17:54

NVD link : CVE-2010-4053

Mitre link : CVE-2010-4053

CVE.ORG link : CVE-2010-4053

JSON object : View

Products Affected

ibm

informix_dynamic_server

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2010-4053", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-10-23T20:39:04.927", "references": [{"url": "http://secunia.com/advisories/41913", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/68705", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2734", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62619", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en una funci\u00f3n no especificada en oninit.exe en IBM Informix Dynamic Server (IDS) v11.10 anteriores a v11.10.xC2W2 y v11.50 anteriores a v11.50.xC1 permite a usuarios remotos autenticadaos a ejecutar c\u00f3digo arbitrario a trav\u00e9s de una directiva EXLAIN manipulada, tambi\u00e9n conocido como idsb00154125 e idsdb00154243."}], "lastModified": "2017-08-17T01:33:06.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219"}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE122FD4-9164-4638-8E98-7670908E392B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}