PT-2016-4099 · Ibm · Ibm Informix Dynamic Server

Steven Seeley

Published

2016-03-22

Updated

2016-12-03

CVE-2016-0226

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Informix Dynamic Server version 11.70.xCn

Description The issue concerns the client implementation in IBM Informix Dynamic Server, which does not properly restrict access to certain executable files. This allows local users to gain privileges via a Trojan horse file, specifically affecting the nsrd, nsrexecd, and portmap executable files.

Recommendations For IBM Informix Dynamic Server version 11.70.xCn, consider restricting access to the nsrd, nsrexecd, and portmap executable files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2016-0226

ZDI-16-208

ZDI-16-209

ZDI-16-210

Affected Products

Ibm Informix Dynamic Server

PT-2016-4099 · Ibm · Ibm Informix Dynamic Server

CVE-2016-0226

Weakness Enumeration

Related Identifiers

Affected Products

References · 10