[NT] Informix Dynamic Server Multiple Arbitrary File Access (Write/Read) Vulnerabilities



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Informix Dynamic Server Multiple Arbitrary File Access (Write/Read)
Vulnerabilities
------------------------------------------------------------------------


SUMMARY

Informix Dynamic Server is a database developed by IBM. During a security
assessment of Informix, multiple file creation/write/read issues were
discovered.

DETAILS

The LOTOFILE and rlt_tracefile_set functions can be used to create and
write to files. The SET DEBUG FILE statement can also be used to create
and write to files.

Fix Information:
IBM was alerted to this flaw on the 6th January 2005. Patches have now
been made available. As a workaround, revoke public execute permission
on the functions involved. There is no workaround for SET DEBUG FILE.
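
Since SET DEBUG FILE has no workaround, an unpatched server can at least be monitored for use of the three primitives named above. The following Python is an added example, not part of the original advisory and not NGS or IBM code: it assumes SQL statements are available one per line (for example from an audit or SQL trace export), and the sample statements, table names and `<path>` arguments are constructed placeholders.

```python
import re

# Text that must not trigger a match: quoted strings ('' and "" are escaped
# quotes), "--" line comments, and { } or /* */ block comments.
_NOISE = re.compile(
    r"'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"|--[^\n]*|\{[^}]*\}|/\*.*?\*/", re.S
)

# The three file-writing primitives named in the advisory.
PRIMITIVES = {
    "LOTOFILE": re.compile(r"\blotofile\s*\(", re.I),
    "rlt_tracefile_set": re.compile(r"\brlt_tracefile_set\s*\(", re.I),
    "SET DEBUG FILE": re.compile(r"\bset\s+debug\s+file\b", re.I),
}


def scrub(stmt):
    """Blank out string literals and comments so only SQL code is inspected."""
    return _NOISE.sub(" ", stmt)


def find_primitives(stmt):
    """Return the names of the advisory's primitives invoked by one statement."""
    cleaned = scrub(stmt)
    return [name for name, rx in PRIMITIVES.items() if rx.search(cleaned)]


def scan(statements):
    """Return (line_number, [primitive, ...]) for each statement that matches."""
    hits = []
    for lineno, stmt in enumerate(statements, 1):
        found = find_primitives(stmt)
        if found:
            hits.append((lineno, found))
    return hits


# Constructed sample input; '<path>' stands in for whatever argument was logged.
SAMPLE = [
    "SELECT name FROM customer WHERE id = 7",
    "select LoToFile(doc, '<path>', 'server') from reports",
    "EXECUTE FUNCTION rlt_tracefile_set('<path>')",
    "SET  DEBUG\tFILE TO '<path>'",
    "INSERT INTO notes VALUES ('docs mention lotofile( and set debug file')",
    "SELECT 1 -- lotofile(x)",
]

if __name__ == "__main__":
    for lineno, names in scan(SAMPLE):
        print(f"line {lineno}: {', '.join(names)}")
```

Lines 5 and 6 of the sample are not reported because the names appear only inside a string literal and a comment.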

CVE Information:
CVE-2006-3859: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3859


ADDITIONAL INFORMATION

The information has been provided by David Litchfield
<davidl@xxxxxxxxxxxxxxx>.
The original article can be found at:
http://www.ngssoftware.com/research/


