CVE-2010-3894

Name of the Vulnerable Software and Affected Versions IBM OmniFind Enterprise Edition versions prior to 8.5 FP6

Description The issue is related to a stack-based buffer overflow in the Java com ibm es oss CryptionNative ESEncrypt function. This function is located in the /opt/IBM/es/lib/libffq.cryptionjni.so library, which is part of the login form in the administration interface. The overflow can be triggered by a remote attacker using a long password, potentially allowing the execution of arbitrary code.

Recommendations For IBM OmniFind Enterprise Edition versions prior to 8.5 FP6, update to version 8.5 FP6 or later to resolve the issue.