CVE-2006-5664

Name of the Vulnerable Software and Affected Versions: IBM Informix Dynamic Server version 10.00 Informix Client Software Development Kit (CSDK) version 2.90 Informix I-Connect version 2.90

Description: The issue allows local users to compromise security via a symlink attack on temporary files created by the installation script.

Recommendations: For IBM Informix Dynamic Server version 10.00, consider restricting access to the installation script until a fix is available. For Informix Client Software Development Kit (CSDK) version 2.90, avoid using the installation script in environments where local users could exploit the symlink vulnerability. For Informix I-Connect version 2.90, restrict the use of the installation script to trusted users only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.