PT-2016-4099 · Ibm · Ibm Informix Dynamic Server

Steven Seeley

Publicado

2016-03-22

Atualizado

2016-12-03

CVE-2016-0226

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Informix Dynamic Server version 11.70.xCn

Description The issue concerns the client implementation in IBM Informix Dynamic Server, which does not properly restrict access to certain executable files. This allows local users to gain privileges via a Trojan horse file, specifically affecting the nsrd, nsrexecd, and portmap executable files.

Recommendations For IBM Informix Dynamic Server version 11.70.xCn, consider restricting access to the nsrd, nsrexecd, and portmap executable files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2016-0226

ZDI-16-208

ZDI-16-209

ZDI-16-210

Produtos afetados

Ibm Informix Dynamic Server

PT-2016-4099 · Ibm · Ibm Informix Dynamic Server

CVE-2016-0226

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10