PT-2006-4712 · IBM · IBM Informix Dynamic Server
David Litchfield · Published 2006-08-17 · Updated 2018-10-17 · CVE-2006-3854
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM Informix Dynamic Server (IDS) versions 9.40.TC7 through 9.40.TC8
IBM Informix Dynamic Server (IDS) versions 10.00.TC4 through 10.00.TC5
Description
A long username triggers a buffer overflow in the vsprintf function when the resulting error message is displayed, allowing remote attackers to execute arbitrary code.
Recommendations
For IBM Informix Dynamic Server (IDS) versions 9.40.TC7 through 9.40.TC8, consider restricting access to the login functionality until a patch is available.
For IBM Informix Dynamic Server (IDS) versions 10.00.TC4 through 10.00.TC5, consider restricting access to the login functionality until a patch is available.
As a temporary workaround, consider limiting the length of the username to prevent the buffer overflow.
Exploit
Fix
Related identifiers
Affected products
IBM Informix Dynamic Server