CVE-2006-3857

high

Description

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28157

https://exchange.xforce.ibmcloud.com/vulnerabilities/28127

https://exchange.xforce.ibmcloud.com/vulnerabilities/28126

https://exchange.xforce.ibmcloud.com/vulnerabilities/28120

https://exchange.xforce.ibmcloud.com/vulnerabilities/28119

https://exchange.xforce.ibmcloud.com/vulnerabilities/28118

http://www.vupen.com/english/advisories/2006/3077

http://www.securityfocus.com/bid/19264

http://www.securityfocus.com/archive/1/443210/100/0/threaded

http://www.securityfocus.com/archive/1/443133/100/0/threaded

http://www.osvdb.org/27693

http://www.osvdb.org/27688

http://www.osvdb.org/27687

http://www.osvdb.org/27683

http://www.osvdb.org/27682

http://www.osvdb.org/27681

http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

http://www-1.ibm.com/support/docview.wss?uid=swg21242921

http://secunia.com/advisories/21301

Details

Source: Mitre, NVD

Published: 2006-08-08

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High