6.5

CVE-2006-3857

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.82% 0.888
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21301
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21242921
Patch
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
http://www.securityfocus.com/archive/1/443133/100/0/threaded
http://www.securityfocus.com/bid/19264
Patch
http://www.vupen.com/english/advisories/2006/3077
http://www.securityfocus.com/archive/1/443210/100/0/threaded
http://www.osvdb.org/27681
http://www.osvdb.org/27682
http://www.osvdb.org/27683
http://www.osvdb.org/27687
http://www.osvdb.org/27688
http://www.osvdb.org/27693
https://exchange.xforce.ibmcloud.com/vulnerabilities/28118
https://exchange.xforce.ibmcloud.com/vulnerabilities/28119
https://exchange.xforce.ibmcloud.com/vulnerabilities/28120
https://exchange.xforce.ibmcloud.com/vulnerabilities/28126
https://exchange.xforce.ibmcloud.com/vulnerabilities/28127
https://exchange.xforce.ibmcloud.com/vulnerabilities/28157