Multiple vulnerabilities detected in Informix Dynamic Server (Advisories - Secunia) - 2007
Informix Dynamic Server Multiple Vulnerabilities - Advisories - Secunia
05/02/2007 07:53:36 p.m. http://secunia.com/advisories/21301/
Informix Dynamic Server Multiple Vulnerabilities
Secunia Advisory: SA21301
Release Date: 2006-08-01
Last Update: 2006-08-15
Critical: Moderately critical
Impact: Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From local network
Solution Status: Vendor Patch
Software: IBM Informix Dynamic Server 10.x, IBM Informix Dynamic Server 7.x, IBM Informix Dynamic Server 9.x
CVE reference: CVE-2006-3853, CVE-2006-3854, CVE-2006-3855, CVE-2006-3856, CVE-2006-3857, CVE-2006-3858, CVE-2006-3859, CVE-2006-3860, CVE-2006-3861, CVE-2006-3862
Description: NGSSoftware has reported multiple vulnerabilities in Informix Dynamic Server, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service) and gain knowledge of sensitive information, and by malicious people to compromise a vulnerable system.
1) A boundary error in the "DBINFO()" function can be exploited to cause a buffer overflow.
2) A boundary error in the "LOTOFILE()" function can be exploited to cause a buffer overflow.
3) A boundary error in the "FILETOCLOB()" function can be exploited to cause a buffer overflow.
4) It is possible to execute arbitrary commands via the "dbimp", "dbexp", and "start_onpload" procedures in sysmaster.
5) A boundary error within the handling of usernames during the authentication process can be exploited to cause a stack-based buffer overflow via an overly long username.
Successful exploitation allows execution of arbitrary code.
NOTE: This was originally fixed in a patch, which introduced a boundary error in the error logging functionality.
6) It's possible to execute arbitrary commands via a "SET DEBUG FILE" statement.
7) A boundary error within the handling of "SET DEBUG FILE" statements can be exploited to cause a buffer overflow.
8) A boundary error in the "getname()" function can be exploited to cause a buffer overflow.
9) It's possible to upgrade privileges via C code UDR.
10) Two unspecified errors can be exploited to cause a DoS.
11) User passwords are stored insecurely in plain text in shared memory and may be exposed.
12) Any user has permissions to create a database. This can be exploited to execute arbitrary code.
13) A boundary error in the "ifx_file_to_file()" function can be exploited to cause a buffer overflow.
14) A boundary error within the handling of the "SQLIDEBUG" environment variable in various applications can be exploited to cause a stack-based buffer overflow.
Successful exploitation allows execution of arbitrary code with root privileges.
This has been reported to affect Informix on the Linux operating system.
15) It is possible to create and write to arbitrary files via the "LOTOFILE", "rlt_tracefile_set", and "SET DEBUG FILE" functions.
16) It is possible to load a malicious library via the "ifx_load_internal" SQL function.
The vulnerabilities have been reported in versions 7.3, 9.4, and 10.0. Prior versions may also be affected.
Solution: Update to version 7.31.xD9, 9.40.xC8, or 10.00.xC4.
Provided and/or discovered by: David Litchfield and the team at NGSSoftware.
Changelog:
2006-08-09: Added CVE references.
2006-08-15: Added additional information provided by David Litchfield. Updated "Description" section. Added CVE references.
Original Advisory: IBM: http://www-1.ibm.com/support/docview.wss?uid=swg21242921
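A version check against the fixed levels in the Solution line above, as an added example that is not part of the Secunia advisory or of IBM's tooling. The banner layout, the ordering of the series letters and the host names are assumptions, and the sample inventory is constructed.

```python
import re

# Fixed levels from the advisory's Solution line. The "x" printed there stands
# for the platform letter, which this check ignores (assumption).
FIXED = {"7.31": ("D", 9), "9.40": ("C", 8), "10.00": ("C", 4)}

# Assumed version layout: <major>.<minor>.<platform><series><level>[suffix],
# e.g. 10.00.UC3 or 9.40.FC7W1. Any suffix after the level is ignored.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.([A-Za-z])([A-Za-z])(\d+)")


def classify(banner: str) -> str:
    """Return fixed, vulnerable, review, not-covered or unparsed."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unparsed"
    branch = f"{m.group(1)}.{m.group(2)}"
    series, level = m.group(4).upper(), int(m.group(5))
    if branch in FIXED:
        # Assumption: series letters sort alphabetically (C before D), then by level.
        return "fixed" if (series, level) >= FIXED[branch] else "vulnerable"
    if (int(m.group(1)), int(m.group(2))) < (10, 0):
        # Unlisted older branch: the advisory says prior versions may be affected.
        return "review"
    return "not-covered"  # newer branch the advisory does not mention


def audit(inventory: dict) -> dict:
    """Map each host to the status of the version found in its banner."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed inventory: host names and banners are made up for illustration.
SAMPLE = {
    "db-a": "IBM Informix Dynamic Server Version 10.00.UC3 -- On-Line",
    "db-b": "IBM Informix Dynamic Server Version 10.00.FC4 -- On-Line",
    "db-c": "IBM Informix Dynamic Server Version 9.40.FC7W1 -- On-Line",
    "db-d": "IBM Informix Dynamic Server Version 7.31.UD9 -- On-Line",
    "db-e": "IBM Informix Dynamic Server Version 9.30.UC2 -- On-Line",
    "db-f": "banner unavailable",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "review" or "unparsed" need a manual check against the IBM advisory rather than being treated as safe.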
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
3 Related Secunia Security Advisories
1. IBM Informix Products Insecure Permissions and Temporary File Creation
2. IBM Informix Dynamic Server Insecure Temporary File Creation
3. IBM Informix Database Multiple Local Vulnerabilities