Remote Command Execution Vulnerability in IBM Informix Dynamic Server
CVE-2006-3860

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Dynamic Database Server
Vendor: CVE Published:; 17 August 2006

Summary

IBM Informix Dynamic Server versions prior to 9.40.xC7 and 10.00 versions before 10.00.xC3 are susceptible to a remote command execution vulnerability. This flaw allows authenticated remote users to execute arbitrary commands on the server through specific SQL commands, including 'SET DEBUG FILE', as well as through the 'start_onpload' and 'dbexp' functions. Proper security measures should be taken to mitigate the risks associated with this vulnerability.

References

http://www.osvdb.org/27686

vdb-entryx_refsource_OSVDB

http://www-1.ibm.com/support/docview.wss?uid=swg21242921

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/28121

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 17, 2006
Vulnerability Reserved
Jul 26, 2006