PT-2006-5901 · Ibm · Ibm Informix Dynamic Server

Larry W. Cashdollar

Published

2006-10-03

Updated

2018-10-17

CVE-2006-5163

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Informix Dynamic Server version 10.UC3RC1 Trial for Linux

Description The issue allows local users to append data to arbitrary files via a symlink attack, due to insecure permissions of the /tmp/installserver.txt file created by the software.

Recommendations For IBM Informix Dynamic Server version 10.UC3RC1 Trial for Linux, consider changing the permissions of the /tmp/installserver.txt file to prevent local users from appending data to arbitrary files via a symlink attack. As a temporary workaround, restrict access to the /tmp directory to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5163

Affected Products

Ibm Informix Dynamic Server

PT-2006-5901 · Ibm · Ibm Informix Dynamic Server

CVE-2006-5163

Related Identifiers

Affected Products

References · 10