PT-2007-6889 · Ibm · Ibm Informix Dynamic Server

Publicado

2007-11-14

Atualizado

2017-07-29

CVE-2007-5956

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Informix Dynamic Server (IDS) versions prior to 10.00.xC7W1

Description A directory traversal issue allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.

Recommendations For versions prior to 10.00.xC7W1, update to version 10.00.xC7W1 or later to resolve the issue. As a temporary workaround, consider restricting access to the DBLANG environment variable to minimize the risk of exploitation.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2007-5956

Produtos afetados

Ibm Informix Dynamic Server

PT-2007-6889 · Ibm · Ibm Informix Dynamic Server

CVE-2007-5956

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8