Buffer Overflow Vulnerability in IBM Informix Dynamic Server
CVE-2004-2490

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Dynamic Server; Informix Extended Parallel Server
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2490?

A buffer overflow has been identified in IBM Informix Dynamic Server versions 9.40.xC1 and 9.40.xC2. This security flaw allows local users to execute arbitrary code on the affected systems by manipulating the length of the GL_PATH environment variable. When the variable is set to an excessively long value, it can overwrite the memory space, leading to potential security breaches. Immediate action is recommended to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/9511

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=107524391217364&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/10737

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 25, 2005
Vulnerability published
Dec 31, 2004