Privilege Escalation Vulnerability in IBM Informix Dynamic Server on Windows
CVE-2016-0226

7.8HIGH

Key Information:

Vendor
IBM
Status
Informix Dynamic Server
Vendor
CVE Published:
28 March 2016

Summary

The client implementation in IBM Informix Dynamic Server 11.70.xCn for Windows fails to properly restrict access to critical executable files such as nsrd, nsrexecd, and portmap. This security lapse allows local users to manipulate these files, leading to potential privilege escalation through the introduction of a Trojan horse file. Ensuring that access controls and permissions are correctly configured is essential to mitigate this risk.

References

http://zerodayinitiative.com/advisories/ZDI-16-210/
x_refsource_MISC
http://zerodayinitiative.com/advisories/ZDI-16-209/
x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg21978598
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.