CVE-2006-3857

Name of the Vulnerable Software and Affected Versions IBM Informix Dynamic Server (IDS) versions prior to 9.40.TC6 IBM Informix Dynamic Server (IDS) versions prior to 10.00.TC3

Description The issue allows remote authenticated users to execute arbitrary code due to multiple buffer overflows. This is possible through the getname function used by various other functions, and the SET DEBUG FILE, IFX FILE TO FILE, FILETOCLOB, LOTOFILE, and DBINFO functions.

Recommendations For IBM Informix Dynamic Server (IDS) versions prior to 9.40.TC6, update to version 9.40.TC6 or later. For IBM Informix Dynamic Server (IDS) versions prior to 10.00.TC3, update to version 10.00.TC3 or later.