Privilege Escalation Vulnerability in IBM Informix Dynamic Server and Client SDK
CVE-2006-5663

Currently unrated

Key Information:

Vendor: IBM
Status: Informix I-connect; Informix Dynamic Server; Informix Client Sdk
Vendor: CVE Published:; 3 November 2006

Summary

IBM Informix Dynamic Server versions 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 have a vulnerability due to insecure permissions assigned to their installation scripts. This flaw allows local users to exploit the permissions and possibly modify the installation scripts, enabling them to gain unauthorized privileges on the system. It is critical for administrators to review the permissions of these scripts to prevent potential exploitation.

References

http://www.vupen.com/english/advisories/2006/4280

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/22609

third-party-advisoryx_refsource_SECUNIA

http://www-1.ibm.com/support/docview.wss?uid=swg21247438

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 3, 2006
Vulnerability Reserved
Nov 2, 2006