PT-2006-4715 · IBM · IBM Informix Dynamic Server

Published: 2006-08-08 · Updated: 2018-10-17 · CVE-2006-3857

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM Informix Dynamic Server (IDS) versions prior to 9.40.TC6
IBM Informix Dynamic Server (IDS) versions prior to 10.00.TC3

Description

Multiple buffer overflows allow remote authenticated users to execute arbitrary code. The overflows are reachable through the getname function, which is used by various other functions, and through the SET DEBUG FILE, IFX_FILE_TO_FILE, FILETOCLOB, LOTOFILE, and DBINFO functions.

Recommendations

For IBM Informix Dynamic Server (IDS) versions prior to 9.40.TC6, update to version 9.40.TC6 or later.
For IBM Informix Dynamic Server (IDS) versions prior to 10.00.TC3, update to version 10.00.TC3 or later.

Fix

Related Identifiers

CVE-2006-3857

Affected Products

IBM Informix Dynamic Server