File Overwrite and Information Disclosure in IBM Informix Dynamic Server
CVE-2004-2319

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Dynamic Server; Informix Extended Parallel Server
Vendor: CVE Published:; 31 December 2004

Summary

IBM Informix Dynamic Server versions prior to 9.40.xC3 are susceptible to a vulnerability that enables local users to exploit the /001 log file. This can lead to file creation or overwriting through the onedcu utility. Additionally, a symlink attack can be leveraged to read arbitrary files via /tmp and the onshowaudit command, posing a significant risk to data integrity and confidentiality.

References

http://www.osvdb.org/3760

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/9511

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/14969

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Aug 16, 2005
Vulnerability published
Dec 31, 2004