CVE-2006-3857

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Dynamic Database Server
Vendor: CVE Published:; 8 August 2006

Summary

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).

References

http://www.osvdb.org/27693

vdb-entryx_refsource_OSVDB

http://www-1.ibm.com/support/docview.wss?uid=swg21242921

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/28119

vdb-entryx_refsource_XF

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 8, 2006
Vulnerability Reserved
Jul 26, 2006