PT-2004-3027 · IBM · IBM Informix Dynamic Server

Published: 2004-01-27 · Updated: 2017-07-11 · CVE-2004-2131

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Informix Dynamic Server (IDS) versions 9.40.xC3 and earlier

Description

A stack-based buffer overflow issue exists, allowing local users with DSA privileges to execute arbitrary code via a long ONCONFIG environment variable.

Recommendations

For IBM Informix Dynamic Server (IDS) versions 9.40.xC3 and earlier, consider restricting access to the ontape utility until a fix is available, and limit the length of the ONCONFIG environment variable to prevent exploitation.

Related Identifiers

CVE-2004-2131

Affected Products

IBM Informix Dynamic Server